rich:editor - security

jgurda Jan 18, 2010 3:58 PM

Hi,

This is my first post on this forum so I would like to say hallo to all of you.

Im going to use rich:editor to get data from users and display it later on the other web site. But some things aren't clear for me. How are you handling security of rich:editor? I have read something about security of TinyMce, and it looks good but TinyMce can be bypassed. Malicious HTML/CSS/JS code can be injected directly to textarea and submited. And what then? Are there some java libraries to analyze html/css/js code and remove dangerous parts? Or should I implement it myself?

Thanks in advance for replies,

Jan

1. Re: rich:editor - security

nbelaevski Jan 19, 2010 6:33 PM (in response to jgurda)

Hello Jan,

You can use SeamText or filter unwanted content using any of the available Java libraries, like this: http://www.owasp.org/index.php/ESAPI#tab=Java_EE.
Actions