How to make comments safe from HTML code submits?

Stamin Adrian
Ranch Hand

Joined: Dec 21, 2012
Posts: 34

Let's say someone comments on my website with a lot of HTML code. This code will be interpreted by the browser and ruin my application.

How would you choose to filter these HTML tags to make the comments safe? I need them all filtered out except for the <pre></pre> tag, which I need for another purpose.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60774
    

Certainly one should never display un-escaped output -- that's how script injection attacks work. Using <c:out> will automatically escape HTML characters so that the output will not be interpreted as HTML.

The fact that you want to allow <pre> complicates things a bit. What exactly are you needing to do with <pre>?


Stamin Adrian
Ranch Hand

Joined: Dec 21, 2012
Posts: 34

<pre></pre> is for a library I use to highlight code, similar to the one on JavaRanch. It's a JS library. How would I go about doing that?
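Added example, not part of the thread and not code from any poster: one way to keep <pre> while escaping everything else is to escape the whole comment first (the same five characters <c:out> escapes) and then re-enable only the exact, attribute-free <pre> and </pre> tags, in balanced pairs. The class and method names here are hypothetical, and the sample comment is constructed.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class CommentSanitizer { // hypothetical name
    // Matches only the escaped, attribute-free forms of <pre> and </pre>.
    private static final Pattern ESCAPED_PRE =
            Pattern.compile("&lt;(/?)pre&gt;", Pattern.CASE_INSENSITIVE);

    // Escapes the same five characters that <c:out> escapes.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&#034;"); break;
                case '\'': out.append("&#039;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Escape everything first, then re-enable only balanced <pre>...</pre> pairs.
    static String sanitize(String comment) {
        String esc = escapeHtml(comment);
        Matcher m = ESCAPED_PRE.matcher(esc);
        StringBuilder out = new StringBuilder();
        boolean open = false;
        int last = 0;
        while (m.find()) {
            out.append(esc, last, m.start());
            boolean closing = !m.group(1).isEmpty();
            if (closing == open) {         // <pre> while closed, or </pre> while open
                out.append(closing ? "</pre>" : "<pre>");
                open = !closing;
            } else {
                out.append(m.group());     // stray or nested tag stays escaped
            }
            last = m.end();
        }
        out.append(esc, last, esc.length());
        if (open) out.append("</pre>");    // close a dangling <pre>
        return out.toString();
    }

    public static void main(String[] args) { // constructed sample comment
        System.out.println(sanitize("<script>alert(1)</script><pre class=\"x\">no</pre><pre>int a = b < c;</pre>"));
    }
}
```

The returned string is already escaped, so write it to the page without a second escaping pass (for example <c:out> with escapeXml="false"); passing it through the default <c:out> would display the entities literally.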
 