Saturday, September 11, 2010

DeXSS -- Java program for removing JavaScript from HTML


Dynamic web sites which allow users to enter text content containing HTML are at risk for so-called cross-site scripting (XSS) attacks (Wikipedia, Securitydocs).

A common approach taken to mitigate this risk is to allow some HTML content but block content that is potentially harmful. One problem with a straightforward approach to blocking such content is that HTML parsing in browsers differs from the ideal, and nefarious individuals can take advantage of these differences to disguise harmful content so that a naive filter lets it through.

DeXSS uses TagSoup, an open-source HTML parser that attempts to mimic how web browsers parse HTML. TagSoup reads wild HTML and generates SAX2 events. DeXSS invokes TagSoup and follows it with a pipeline of SAX2 filters that remove HTML elements such as script, as well as attribute values that contain script.
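To show the shape of such a pipeline, here is a simplified SAX2 filter added for this post; it is not DeXSS's own code and only handles the content events (startElement, endElement, characters), not DeXSS's full rule set. It assumes TagSoup's org.ccil.cowan.tagsoup.Parser as the event source and the JDK's identity Transformer as the serializer; the class name and the sample input are constructed for the example.

```java
import java.io.*;
import javax.xml.transform.*;
import javax.xml.transform.sax.SAXSource;
import javax.xml.transform.stream.StreamResult;
import org.ccil.cowan.tagsoup.Parser;
import org.xml.sax.*;
import org.xml.sax.helpers.*;

public class ScriptStrippingFilter extends XMLFilterImpl {  // hypothetical; not a DeXSS class
    private int suppressDepth = 0;  // > 0 while inside a dropped <script> subtree
    private static boolean carriesScript(String name, String value) {
        // Event-handler attributes (onclick, onload, ...) and javascript: URLs carry script.
        return name.toLowerCase().startsWith("on")
            || value.trim().toLowerCase().startsWith("javascript:");
    }
    @Override public void startElement(String uri, String local, String qName,
                                       Attributes atts) throws SAXException {
        if (suppressDepth > 0 || "script".equalsIgnoreCase(local)) {
            suppressDepth++;  // drop the element, its text and everything nested in it
            return;
        }
        AttributesImpl kept = new AttributesImpl();  // forward only harmless attributes
        for (int i = 0; i < atts.getLength(); i++) {
            if (!carriesScript(atts.getLocalName(i), atts.getValue(i))) {
                kept.addAttribute(atts.getURI(i), atts.getLocalName(i), atts.getQName(i), atts.getType(i), atts.getValue(i));
            }
        }
        super.startElement(uri, local, qName, kept);
    }
    @Override public void endElement(String uri, String local, String qName) throws SAXException {
        if (suppressDepth > 0) suppressDepth--; else super.endElement(uri, local, qName);
    }
    @Override public void characters(char[] ch, int start, int len) throws SAXException {
        if (suppressDepth == 0) super.characters(ch, start, len);  // script text never passes
    }
    /** TagSoup parses the wild HTML; the filter sits between it and the serializer. */
    public static String clean(String html) throws Exception {
        ScriptStrippingFilter filter = new ScriptStrippingFilter();
        filter.setParent(new Parser());  // org.ccil.cowan.tagsoup.Parser is a SAX2 XMLReader
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.METHOD, "html");
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        StringWriter out = new StringWriter();
        t.transform(new SAXSource(filter, new InputSource(new StringReader(html))), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {  // constructed sample input
        System.out.println(clean("<p onclick=\"x()\">Hi <script>x()</script><a href=\"javascript:x()\">link</a></p>"));
    }
}
```

Because the filter is an XMLFilterImpl, further filters (for other dangerous elements or attributes) can be chained the same way by setting each one's parent to the previous stage.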

By: Leigh L. Klotz, Jr

