Preventing XSS (Cross-site Scripting)

If you are not looking to use an editor you might consider OWASP's AntiSamy.

You can run an example here: http://www.antisamy.net/

How much HTML are you going to support? Just bold/italics/the basic stuff? In that case, you can convert those to markdown syntax and then strip the rest of the HTML.

The stripping needs to be done server side, before you store it. You need to validate the input on the server as well, when checking for SQL-vulnerabilities and other unwanted stuff.

asp.net asp.net-mvc security xss

If you need to do it in the browser: http://code.google.com/p/google-caja/wiki/JsHtmlSanitizer

CodeHunter

Preventing XSS (Cross-site Scripting)

Recent Posts

How can I color dots in a xy scatterplot according to column value?

How to update a claim in ASP.NET Identity?

What does {0} mean when initializing an object?

Accessing members of items in a JSONArray with Java

How to log SQL statements in Spring Boot?

Powershell Get-WebSite name parameter is ignored

How to detect scroll to bottom of html element

Java synchronized method

How to test controllers with CodeIgniter?

Detect Visual Composer

Matplotlib: Specify format of floats for tick labels

Rails join a list of strings with commas and "and" before the last