Sanitize all requests

Aug 16, 2018, 9:32:41 AM
to OWASP Java HTML Sanitizer Support
Hi


I am new to this and I understand that it might be possible to automatically sanitize all request data using this library - rather than sanitizing each bit of data.

We have a JSP application and I have installed the library and tested the sanitizing on a couple of fields which works fine.

I could build a filter servlet and add it to the project, but I thought there might be one already out there I could just install and configure?

Is this a thing - or is it really designed to be used to sanitize individual content one bit at a time?


Thanks
Andrew

Jim Manico

Aug 16, 2018, 10:07:33 AM
This library is meant to sanitize small snippets of HTML from WYSIWYG editors and other data entry fields that include HTML. This is a common use case for web apps.

If user input is not meant to include HTML, then you would be better off escaping data as you add it to a UI.

It’s not meant to sanitize full HTML documents.

Aloha,
--
Jim Manico
@Manicode
Secure Coding Education
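
The distinction drawn in the reply above, as an added example that is not part of the original thread or the project's own code: a field that is meant to hold HTML goes through a sanitizer policy, while a plain-text field is kept as entered and escaped when it is written into the page. The class name, the sample values and the use of OWASP Java Encoder for escaping are assumptions; the thread names no escaping library.

```java
import org.owasp.encoder.Encode;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;

// Added illustration; class name and sample values are hypothetical.
public class FieldHandlingExample {

    // Allow-list for a WYSIWYG field: basic formatting, block elements and links.
    // Everything not on the list (scripts, event handlers, unknown tags) is dropped.
    private static final PolicyFactory RICH_TEXT_POLICY =
            Sanitizers.FORMATTING.and(Sanitizers.BLOCKS).and(Sanitizers.LINKS);

    /** For fields that are meant to contain HTML, such as a comment editor. */
    static String sanitizeRichText(String untrustedHtml) {
        return untrustedHtml == null ? "" : RICH_TEXT_POLICY.sanitize(untrustedHtml);
    }

    /** For fields not meant to contain HTML: escape when writing into element content. */
    static String renderPlainText(String untrustedText) {
        return untrustedText == null ? "" : Encode.forHtml(untrustedText);
    }

    /** Same data written into a quoted attribute value needs the attribute encoder. */
    static String renderAttribute(String untrustedText) {
        return untrustedText == null ? "" : Encode.forHtmlAttribute(untrustedText);
    }

    public static void main(String[] args) {
        // Constructed sample input, not taken from the thread.
        String comment = "<p>Hello <b>world</b><script>alert(1)</script> "
                + "<a href=\"https://example.com\" onclick=\"x()\">link</a></p>";
        String company = "Smith & Sons <Ltd>";

        // Rich-text field: sanitized HTML is inserted as markup.
        System.out.println("<div class=\"comment\">" + sanitizeRichText(comment) + "</div>");

        // Plain-text field: the stored value is unchanged, escaping happens per output context.
        System.out.println("<span>" + renderPlainText(company) + "</span>");
        System.out.println("<input name=\"company\" value=\"" + renderAttribute(company) + "\">");
    }
}
```

Passing `company` through `sanitizeRichText` instead would store HTML-processed text rather than what the user typed, which is the drawback of a request-wide sanitizing filter.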