Open shift-reality opened 5 years ago
It's a duplicate. The package https://github.com/OWASP/java-html-sanitizer should be used to sanitize HTML and CSS styles on the server side. It also removes all JavaScript (anywhere), so untrusted content is safe to embed in the browser. All harmful CSS and XSS are removed. Emails always use HTML 3.2 markup. A good example case is at: https://github.com/OWASP/java-html-sanitizer/blob/83c4ce38014d42709c8262804bba8254dfa2a30c/src/main/java/org/owasp/html/examples/EbayPolicyExample.java
Thanks
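An allow-list policy of the kind the comment recommends, built with java-html-sanitizer's `HtmlPolicyBuilder`; this is an added example, not code from the issue author or the OWASP project. The class name, the element and attribute lists, and the sample message are assumptions chosen for e-mail-style markup.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

public class EmailHtmlSanitizerExample {

    // Assumed allow-list for rendering e-mail bodies. Anything not listed here
    // (script, iframe, form, event-handler attributes, ...) is dropped.
    static final PolicyFactory EMAIL_POLICY = new HtmlPolicyBuilder()
        .allowElements("p", "div", "span", "br", "hr", "b", "i", "u", "em", "strong",
                       "font", "center", "blockquote", "ul", "ol", "li",
                       "table", "tbody", "tr", "td", "th", "a", "img")
        // Presentational attributes typical of older e-mail markup.
        .allowAttributes("align", "valign", "width", "height", "bgcolor",
                         "border", "cellpadding", "cellspacing")
            .onElements("table", "tr", "td", "th", "div", "p", "img")
        .allowAttributes("color", "face", "size").onElements("font")
        .allowAttributes("href").onElements("a")
        .allowAttributes("src", "alt").onElements("img")
        // Only http, https and mailto URLs survive; javascript: and others are removed.
        .allowStandardUrlProtocols()
        .requireRelNofollowOnLinks()
        // Inline style="" values are filtered through the library's CSS allow-list.
        .allowStyling()
        .toFactory();

    // Sanitize on the server before the message body is embedded in a page.
    static String sanitize(String untrustedHtml) {
        return EMAIL_POLICY.sanitize(untrustedHtml);
    }

    public static void main(String[] args) {
        // Constructed sample message mixing allowed markup with content the
        // policy does not allow (script element, event handler, javascript: URL).
        String mail =
            "<table width=\"600\" bgcolor=\"#ffffff\"><tr><td>"
          + "<font color=\"red\" size=\"2\">Invoice attached</font>"
          + "<script>document.title='x'</script>"
          + "<img src=\"https://example.com/logo.png\" alt=\"logo\" onerror=\"run()\">"
          + "<a href=\"javascript:run()\">open</a>"
          + "<p style=\"color: blue\">Regards</p>"
          + "</td></tr></table>";

        System.out.println(sanitize(mail));
    }
}
```

Sanitize at the point where the body is rendered as well as, or instead of, at ingestion, so that stored messages benefit from later policy or library updates.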