Hi,
This is my first post on this forum so I would like to say hello to all of you.
I'm going to use rich:editor to get data from users and display it later on another web site. But some things aren't clear to me. How are you handling the security of rich:editor? I have read something about the security of TinyMCE, and it looks good, but TinyMCE can be bypassed. Malicious HTML/CSS/JS code can be injected directly into the textarea and submitted. And what then? Are there any Java libraries to analyze HTML/CSS/JS code and remove the dangerous parts? Or should I implement it myself?
Thanks in advance for replies,
Jan
Hello Jan,
You can use SeamText or filter unwanted content using any of the available Java libraries, like this: http://www.owasp.org/index.php/ESAPI#tab=Java_EE.
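An added example (not code from either poster) of the server-side filtering the reply points to: ESAPI's validator runs the submitted editor HTML through its AntiSamy policy, so whatever the browser actually sent is reduced to the allowed tags. It assumes ESAPI for Java is on the classpath together with ESAPI.properties and the antisamy-esapi.xml policy file; the size limit and the sample input are constructed.

```java
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.errors.ValidationException;

/**
 * Server-side sanitization of HTML submitted from rich:editor.
 * The client-side editor is not trusted: a user can bypass it and post
 * arbitrary markup, so this runs on every submission before the content
 * is stored or rendered on the other site.
 */
public final class EditorInputSanitizer {

    /** Upper bound for one post; constructed value, tune for your application. */
    private static final int MAX_LENGTH = 20000;

    private EditorInputSanitizer() {}

    /**
     * Returns the submitted HTML reduced to the tags and attributes allowed by
     * the AntiSamy policy (antisamy-esapi.xml). Script elements, on* event
     * handlers and javascript: URLs are not in the default policy and are
     * dropped. Throws ValidationException if the input is null or too long;
     * ESAPI's IntrusionException (a RuntimeException) propagates when the
     * input looks like an attack, so callers should reject the submission.
     */
    public static String sanitize(String submittedHtml) throws ValidationException {
        return ESAPI.validator().getValidSafeHTML(
                "rich:editor body", // context label used in ESAPI error messages and logs
                submittedHtml,
                MAX_LENGTH,
                false);             // allowNull = false: an empty post is rejected
    }

    public static void main(String[] args) throws ValidationException {
        // Constructed sample of what a bypassed editor might submit.
        String submitted = "<p>Hello <b>world</b></p>"
                + "<script>alert(1)</script>"
                + "<a href=\"javascript:alert(2)\" onclick=\"alert(3)\">link</a>";
        // Expected with the default policy: the paragraph and bold text remain,
        // the script element, the onclick attribute and the javascript: href are gone.
        System.out.println(sanitize(submitted));
    }
}
```

The policy file, not the Java code, decides what survives; review antisamy-esapi.xml against what your pages actually need from the editor rather than relying on the defaults unchanged.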