How to make comments safe from HTML code submits?

Stamin Adrian
Ranch Hand

Joined: Dec 21, 2012
Posts: 34

Let's say someone comments on my website with a lot of HTML code. This code will be interpreted by the browser and ruin my application.

How would you choose to filter these HTML tags to make the comments safe? I need them all filtered out except for the <pre></pre> tag, which I need for another purpose.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60782
    

Certainly one should never display un-escaped output -- that's how script injection attacks work. Using <c:out> will automatically escape HTML characters so that the output will not be interpreted as HTML.

The fact that you want to allow <pre> complicates things a bit. What exactly are you needing to do with <pre>?


Stamin Adrian
Ranch Hand

Joined: Dec 21, 2012
Posts: 34

<pre></pre> is for a library I use to highlight code, similar to the one on JavaRanch. It's a JS library. How would I go about doing that?
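One way to combine the escaping described above with the <pre> exception, as an added example that is not part of the original thread: escape the whole comment first, then turn back only exact, attribute-free <pre>...</pre> pairs. The class and method names (CommentSanitizer, escapeHtml, sanitize) and the sample comment are assumptions made for this illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class CommentSanitizer {
    // An escaped, attribute-free <pre>...</pre> pair; DOTALL lets the body span lines.
    private static final Pattern ESCAPED_PRE = Pattern.compile(
        "&lt;pre&gt;(.*?)&lt;/pre&gt;", Pattern.DOTALL | Pattern.CASE_INSENSITIVE);

    // Escape the five characters that matter in HTML text and attribute values.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&#034;"); break;
                case '\'': out.append("&#039;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Step 1: escape everything. Step 2: restore only matched <pre>/</pre> pairs.
    // The body of each pair stays escaped, so markup inside it is shown, not run.
    static String sanitize(String raw) {
        String escaped = escapeHtml(raw == null ? "" : raw);
        Matcher m = ESCAPED_PRE.matcher(escaped);
        StringBuffer sb = new StringBuffer();
        while (m.find()) {
            String body = m.group(1);
            m.appendReplacement(sb, Matcher.quoteReplacement("<pre>" + body + "</pre>"));
        }
        m.appendTail(sb);
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample comment: a script tag, a <pre> with an attribute,
        // and a plain <pre> containing code with HTML-significant characters.
        String comment = "<script>doSomething()</script>\n"
            + "<pre onmouseover=\"x()\">a</pre>\n"
            + "<pre>if (a < b) { out.print(\"<b>hi</b>\"); }</pre>";
        System.out.println(sanitize(comment));
    }
}
```

Because the result is already escaped, write it to the page without a second escaping pass (for example `<c:out>` with `escapeXml="false"`), and use that only for values that have gone through this method. A `<pre>` carrying any attribute, or an unclosed `<pre>`, stays escaped and is displayed as text.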
 