We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Java Library to fix XSS (Cross-site Scripting) for rich data

Medium Priority
951 Views
Last Modified: 2013-11-19
I have a web application written in Java and JSP. I am using Apache JServ server and not using any web frame works like Struts or Spring MVC.

I would like to fix the XSS issue reported by IBM AppScan. We allows the users to enter rich data (HTML).

Can anyone suggest the best way to fix this vulnerability?
Please suggest any libraries availble for this.

Thanks
Comment
Watch Question

call a javascript on all entry points where data is added and replace special characters like >< ' " with their html codes
Gibu GeorgeChief Technology Officer

Author

Commented:
As I mentioned in my question, we allows the user to enter HTML tags such as <b>, <br> etc and we shows the same user entered text in another read-only page. In that read-only page we would like apply the tags and show the text as bold or with line breaks. So replacing these characters with the html codes will start displaying the html codes in the read-only page.

Your thoughts?
Well Can other users see these pages.
Like a forum if one has posted a commentt all else can see it. In this case it should not enter html tags.
In that case provide them with your own custom tags like [bold] [/bold]. And replace them with orginal tags at the time of saving. Only support a few tags that need presentation.
Gibu GeorgeChief Technology Officer

Author

Commented:
Yes. One person will be posting and others will view it in read-only format. There are many persons who has authority to post the HTML text and they are doing it for years now. Asking them to post it using custom tags will be difficult since they have to learn our custom tags, but in case of HTML tags we dont have to teach them our custom tags. There are many posting already with HTML content and stored in our DB.

Your thoughts?
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
it is how it will look like
editor.jpg
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.