 

How best to sanitize input in Java webapp [duplicate]

We use JSP, servlets, beans with a MySQL database. We don't want to restrict the characters entered by users on form fields. So how do I sanitize the input, and how do I make sure the output is not changed for malicious activities? Is there a way, while sending the output, that I could check if extra code has been sent? Like, suppose there is a search input field and the user gives something like <script>alert("I am here")</script>. Is there any way I could know this is an HTML tag? If the user appends an extra parameter to a link field, is there a before-and-after check I could do for the document to realize there has been an extra link field?


1 Answer

Give jsoup a go to help you out with this. Whatever you do, don't try to hack this up using regex or something, because then you'll have 2 problems. :-)

With jsoup, all you need is a short snippet of code:

import org.jsoup.Jsoup;
import org.jsoup.safety.Whitelist; // renamed Safelist in jsoup 1.14.1 and later

String safe = Jsoup.clean(unsafe, Whitelist.basic());

You can add tags and attributes to Whitelist fairly easily, though I found it doesn't support namespace tags.

superkelvint answered Sep 07 '25 19:09
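The answer above covers the one-liner; the following is an added example (not the answerer's code and not part of jsoup) that shows the three situations the question mixes together: a field that may legitimately carry some HTML, the "did the user send markup?" check, and a plain search term that should simply be echoed as text. It assumes jsoup 1.14.1 or later (where Whitelist is called Safelist); the class name InputSanitizer, the method names and the probe string are this example's own.

```java
import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist; // called Whitelist in jsoup versions before 1.14.1

public class InputSanitizer {

    // Case 1: the field is allowed to carry a little HTML (a comment box, say).
    // Jsoup.clean() parses the fragment and rebuilds it keeping only the tags and
    // attributes in the safelist; <script> elements and their bodies, event-handler
    // attributes and javascript: URLs are dropped. Text inside other disallowed
    // tags (e.g. <div>) is kept, only the tag itself goes.
    static String cleanRichText(String unsafe) {
        Safelist list = Safelist.basic()
                .addTags("h1", "h2")          // extra tags beyond basic()
                .addAttributes("a", "title"); // extra attribute on <a>
        return Jsoup.clean(unsafe, list);
    }

    // Case 2: the question's "can I tell that extra code was sent?" check.
    // Safelist.none() allows text only, so any element at all makes this true.
    static boolean containsMarkup(String input) {
        return !Jsoup.isValid(input, Safelist.none());
    }

    // Case 3: a search term that is displayed back as literal text. Nothing is
    // stripped; the value is HTML-encoded at output time so the browser renders
    // "<script>" as visible characters instead of executing it. This is the
    // usual fix for the search-box case in the question.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed probe input, modelled on the question's example.
        String probe = "<script>alert(\"I am here\")</script><b>bold</b>";
        System.out.println("cleaned:  " + cleanRichText(probe));
        System.out.println("markup?   " + containsMarkup(probe));
        System.out.println("escaped:  " + escapeHtml(probe));
    }
}
```

In a JSP the third case is what `<c:out value="${param.q}"/>` does for you (it escapes XML characters by default), so for fields that are never meant to contain HTML, output encoding is enough and no input check is needed; reserve Jsoup.clean() for fields where some HTML is a feature.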