I am using the JSoup library in Java to sanitize input to prevent XSS attacks. It works well for simple inputs like alert(‘vulnerable’). Example: Output: “” However, if I tweak the input to the following, JSoup cannot sanitize the input. Output: <script>alert(‘vulnerable’);</script> This output is obviously still prone to XSS attacks. Is there a way to fully sanitize the input so that
Tag: xss
Apache Commons Text StringEscapeUtils vs JSoup for XSS prevention?
I want to clean user input to help prevent XSS attacks, and we don’t necessarily care to have an HTML whitelist, as our users shouldn’t need to post any HTML / CSS. Eyeing the alternatives out there, which would be better? [Apache Commons Text’s StringEscapeUtils][1] or [JSoup Cleaner][2]? Thanks! Update: I went with JSoup after writing some unit tests