How to make comments safe from HTML code submits?

 
Stamin Adrian
Let's say someone comments on my website with a lot of HTML code. This code will be interpreted by the browser and ruin my application.

How would you choose to filter these HTML tags to make the comments safe? I need them all filtered out except for the <pre></pre> tag, which I need for another purpose.
 
Bear Bibeault
Certainly one should never display un-escaped output -- that's how script injection attacks work. Using <c:out> will automatically escape HTML characters so that the output will not be interpreted as HTML.

The fact that you want to allow <pre> complicates things a bit. What exactly are you needing to do with <pre>?
 
Stamin Adrian
<pre></pre> is for a library I use to highlight code, similar to the one on JavaRanch. It's a JS library. How would I go about doing that?
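
Added example, not part of any post in this thread: one way to escape every comment while letting only a bare, balanced <pre>...</pre> pair through. The class name CommentSanitizer, its methods and the sample comment are hypothetical; the escaping covers the same five characters that <c:out> escapes by default.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class CommentSanitizer {
    // Only the bare tag pair is recognised. A <pre> carrying attributes
    // (onclick, style, ...) does not match and is escaped like any other text.
    private static final Pattern PRE_BLOCK =
        Pattern.compile("<pre>(.*?)</pre>", Pattern.DOTALL | Pattern.CASE_INSENSITIVE);

    // Escapes &, <, >, " and ' so the browser shows them as text.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&#034;"); break;
                case '\'': out.append("&#039;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Escapes the whole comment; the only markup emitted is a literal
    // <pre> / </pre> written by this method around already-escaped content.
    static String sanitize(String raw) {
        StringBuilder out = new StringBuilder();
        Matcher m = PRE_BLOCK.matcher(raw);
        int last = 0;
        while (m.find()) {
            out.append(escapeHtml(raw.substring(last, m.start())));
            out.append("<pre>").append(escapeHtml(m.group(1))).append("</pre>");
            last = m.end();
        }
        out.append(escapeHtml(raw.substring(last))); // stray or unclosed tags end up here
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample comment: markup outside <pre>, code inside it,
        // a <pre> with an attribute, and a stray closing tag.
        String comment = "Hi <script>alert(1)</script>\n"
            + "<pre>if (a < b) { s = \"<b>\"; }</pre>\n"
            + "<pre onclick=\"x()\">no</pre> </pre>";
        System.out.println(sanitize(comment));
    }
}
```

Because the returned string is already escaped, it has to be written to the page without a second escaping pass (for example <c:out> with escapeXml="false"); every other value on the page still goes through the default escaping.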