
[Jsoup Learning Etiquette] Eliminate untrusted HTML (to prevent XSS attacks)_html/css_WEB-ITnose

Jun 24, 2016 am 11:48 AM

Question

When building a website, user comments are often supported. Some malicious users will insert scripts into the comment content; these scripts may break the behaviour of the entire page or, more seriously, obtain confidential information. At this point the HTML needs to be cleaned to prevent cross-site scripting (XSS) attacks.

Method

Use jsoup's HTML Cleaner to do the cleaning; you need to supply a configurable Whitelist that says which tags and attributes may survive.

```java
import org.jsoup.Jsoup;
import org.jsoup.safety.Whitelist;

String unsafe =
    "<p><a href='http://example.com/' onclick='stealCookies()'>Link</a></p>";
String safe = Jsoup.clean(unsafe, Whitelist.basic());
// now: <p><a href="http://example.com/" rel="nofollow">Link</a></p>
```

Description

XSS, also written CSS (Cross Site Script), is a cross-site scripting attack. A malicious attacker inserts malicious HTML code into a Web page; when a user browses that page, the HTML code embedded in it is executed, achieving the attacker's purpose against the user. XSS is a passive attack. Because it is passive and difficult to exploit, many people ignore its harm. So we often only allow users to enter plain-text content, but this results in a poor user experience.

A better solution is to use a WYSIWYG rich-text editor such as CKEditor or TinyMCE. These output HTML and let the user edit visually. Although input can be validated on the client side, that alone is not secure: it must also be validated on the server side, with harmful HTML removed, to ensure that the HTML entering your website is safe. Otherwise an attacker can bypass the client-side JavaScript validation and inject unsafe HTML directly into your website.

jsoup's whitelist cleaner filters the HTML submitted by the user on the server side and outputs only the tags and attributes the whitelist allows.

jsoup provides a series of ready-made Whitelist configurations that meet most requirements; they can be modified if necessary, but do so with care, since every tag or attribute you add widens what an attacker can send through.

This cleaner is very easy to use. It not only prevents XSS attacks but also limits the range of tags that users can enter.
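The following is an added, complete example (not code from the original article or from the jsoup project) that puts the pieces above together: it cleans a constructed untrusted comment with a custom Whitelist derived from basic(), uses Jsoup.isValid to reject input outright instead of silently altering it, and uses Cleaner to obtain a Document rather than a String. The class name CommentSanitizer, the base URI https://www.example.com/ and the sample comment are assumptions made for the example.

```java
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.safety.Cleaner;
import org.jsoup.safety.Whitelist;

public class CommentSanitizer {

    // Constructed sample of untrusted comment HTML (not real user input):
    // an inline event handler, a script element, a javascript: URL and an
    // onerror handler, none of which may survive cleaning.
    static final String UNTRUSTED =
        "<p>Nice post! <a href='http://example.com/' onclick='stealCookies()'>Link</a></p>"
        + "<script>alert(1)</script>"
        + "<a href='javascript:alert(1)'>click</a>"
        + "<img src='x' onerror='alert(1)'>"
        + "<p>See <a href='/docs'>the docs</a>.</p>";

    // Assumed base URI of the site; relative links are resolved against it
    // before the protocol check so that "/docs" is kept rather than dropped.
    static final String BASE_URI = "https://www.example.com/";

    // Whitelist.basic() already drops <script>, event handler attributes and
    // javascript: links, and forces rel="nofollow" on <a>. Here it is widened
    // just enough to allow images, and only over http/https.
    static Whitelist commentWhitelist() {
        return Whitelist.basic()
            .addTags("img")
            .addAttributes("img", "src", "alt")
            .addProtocols("img", "src", "http", "https");
    }

    // Server-side cleaning: returns body HTML containing only whitelisted
    // tags and attributes. This is what you store or render.
    static String sanitize(String bodyHtml) {
        return Jsoup.clean(bodyHtml, BASE_URI, commentWhitelist());
    }

    // Strict acceptance check: true only if cleaning would change nothing.
    // Useful when you would rather reject a comment than silently rewrite it.
    static boolean isAcceptable(String bodyHtml) {
        return Jsoup.isValid(bodyHtml, commentWhitelist());
    }

    // Same cleaning, but returning a Document so the caller can keep
    // traversing or modifying the safe tree instead of re-parsing a String.
    static Document sanitizeToDocument(String bodyHtml) {
        Document dirty = Jsoup.parseBodyFragment(bodyHtml, BASE_URI);
        Cleaner cleaner = new Cleaner(commentWhitelist());
        return cleaner.clean(dirty);
    }

    public static void main(String[] args) {
        System.out.println("acceptable as-is: " + isAcceptable(UNTRUSTED));
        System.out.println("cleaned string:   " + sanitize(UNTRUSTED));
        Document safeDoc = sanitizeToDocument(UNTRUSTED);
        System.out.println("cleaned document: " + safeDoc.body().html());
    }
}
```

Two points worth noting when adapting this: always clean on the server, after the request arrives, never only in the editor, and clean at input time or output time but consistently, so that stored HTML is known to have passed the same whitelist that renders it. In jsoup releases from 1.14.1 onward the class is named Safelist (org.jsoup.safety.Safelist) with the same methods; Whitelist remains as a deprecated alias, so older code like the above still compiles.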

See

  • See the XSS cheat sheet for an example of why regular expressions cannot be used and why a safe, whitelist-based parser cleaner is the right choice.
  • See Cleaner to learn how to return a Document object instead of a string.
  • See Whitelist to learn how to create a custom whitelist.
  • Learn about the nofollow link attribute.