1 Reply Latest reply on Jul 3, 2009 9:05 AM by nbelaevski

    XSS filter in RichFaces Editor

    jwisnie1

      Hi,

      As the RichFaces editor (or any WYSIWYG editor, for that matter) allows users to input HTML-formatted content, a nice feature would be an integrated, server-side anti-XSS (Cross-site Scripting) filter.

      XSS is one of the top web-based application threats, so including such functionality should considerably improve the quality of the RichFaces framework.

      It could look something like this:

      <rich:editor ...>
       <rich:XSSFilter allowedTags="..." stripComments="true|false" .../>
      </rich:editor>


      An example of a filter written for Java can be found here: http://josephoconnell.com/java/xss-html-filter/. Such a filter is not difficult to write, as it is based on some regular expressions.

      JW
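
One way the `allowedTags` and `stripComments` options proposed above could behave on the server, as an added example that is not part of the original post, of RichFaces, or of the linked filter. It escapes all markup first and then restores only attribute-free tags on the allowlist, so anything it does not recognise stays inert; the class name `EditorXssFilter` and its methods are hypothetical.

```java
import java.util.List;
import java.util.regex.Pattern;

/** Added illustration; EditorXssFilter is a hypothetical name, not a RichFaces API. */
public final class EditorXssFilter {
    private static final Pattern COMMENT = Pattern.compile("<!--.*?-->", Pattern.DOTALL);
    private final Pattern allowed;        // an escaped, attribute-free allowlisted tag
    private final boolean stripComments;

    public EditorXssFilter(List<String> allowedTags, boolean stripComments) {
        for (String t : allowedTags) {
            // Tag names are spliced into a regex, so accept plain names only.
            if (!t.matches("[A-Za-z][A-Za-z0-9]*")) {
                throw new IllegalArgumentException("bad tag name: " + t);
            }
        }
        // "(?!)" never matches, so an empty allowlist restores nothing.
        String alt = allowedTags.isEmpty() ? "(?!)" : String.join("|", allowedTags);
        this.allowed = Pattern.compile("&lt;(/?)(" + alt + ")\\s*(/?)&gt;",
                                       Pattern.CASE_INSENSITIVE);
        this.stripComments = stripComments;
    }

    public String filter(String html) {
        // stripComments=true drops comments; false leaves them to be escaped as text.
        String s = stripComments ? COMMENT.matcher(html).replaceAll("") : html;
        // Step 1: neutralise every piece of markup, including attributes and scripts.
        s = s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
             .replace("\"", "&quot;").replace("'", "&#39;");
        // Step 2: restore only exact allowlisted tags; tags with attributes stay escaped.
        return allowed.matcher(s).replaceAll("<$1$2$3>");
    }

    public static void main(String[] args) {
        EditorXssFilter f = new EditorXssFilter(List.of("b", "i", "p", "br"), true);
        // Constructed sample input, not taken from the page.
        String input = "<p>Hi <b>there</b><!-- note --><script>alert(1)</script>"
                     + "<img src=x onerror=alert(1)><br/></p>";
        System.out.println(f.filter(input));
    }
}
```

Because `&` is escaped as well, entities the editor emits (such as `&nbsp;`) are shown literally, and formatting that relies on attributes (`style`, `href`) is not preserved.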