All Questions

715
votes
18 answers
570744 views

Insert HTML into view

Is it possible to create an HTML fragment in an AngularJS controller and have this HTML shown in the view? This comes from a requirement to turn an inconsistent JSON blob into a nested list of id : v...
61
votes
9 answers
55840 views

Sanitize/Rewrite HTML on the Client Side

I need to display external resources loaded via cross domain requests and make sure to only display "safe" content. Could use Prototype's String#stripScripts to remove script blocks. But handlers su...
39
votes
8 answers
27839 views

Best way to handle security and avoid XSS with user entered URLs

We have a high security application and we want to allow users to enter URLs that other users will see. This introduces a high risk of XSS hacks - a user could potentially enter javascript that anoth...
19
votes
6 answers
21713 views

How to use C# to sanitize input on an html page?

Is there a library or acceptable method for sanitizing the input to an html page? In this case I have a form with just a name, phone number, and email address. Code must be C#. For example: "<...
1
votes
1 answer
693 views

Server side HTML sanitizer/cleanup for JSF

Is there any HTML sanitizer or cleanup methods available in any JSF utilities kit or libraries like PrimeFaces/OmniFaces? I need to sanitize HTML input by user via p:editor and display safe HTML outp...
18
votes
2 answers
47481 views

Simple HTML sanitizer in Javascript

I'm looking for a simple HTML sanitizer written in JavaScript. It doesn't need to be 100% XSS secure. I'm implementing Markdown and the WMD Markdown editor (The SO master branch from github) on my we...
0
votes
1 answer
480 views

Escape non HTML tags in plain text (convert plain text to HTML)

Using Rails, I need to get a plain text and show it as HTML, but I don't want to use <pre> tag, as it changes the format.
4
votes
1 answer
3012 views

How to make a Jsoup whitelist to accept certain attribute content

I'm using Jsoup with relaxed whitelist. It seems perfect but I would like to keep the embedded images tags like <img alt="" src="data:;base64. Is there a way to modify the whitelist to accept also...
7
votes
4 answers
6334 views

Sanitize HTML before storing in the DB or before rendering? (AntiXSS library in ASP.NET)

I have an editor that lets users add HTML that is stored in the database and rendered on a web page. Since this is untrusted input, I plan to use Microsoft.Security.Application.AntiXsSS.GetSafeHtmlFra...
17
votes
5 answers
10144 views

HTML Sanitizer for .NET

I'm starting a project that will be public facing using asp.net mvc. I know there are about a billion php, python, and ruby html sanitizers out there, but does anyone have some pointers to anything go...
