Re: [OT] Cross-site scripting filters

2005-07-19 Thread Laurie Harper
Craig McClanahan wrote: I would imagine pretty much any blogging software that allows restricted HTML in comments (or pretty much any Wiki software that accepts some HTML for formatting, for that matter) has dealt with this kind of issue. Might be worth spelunking open source versions of those

Re: [OT] Cross-site scripting filters

2005-07-19 Thread Frank W. Zammetti
If you wind up writing one and would be so inclined, feel free to contribute it to JWP :) -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Tue, July 19, 2005 3:21 pm, Laurie Harper said: Craig McClanahan wrote: I would imagine pretty

Re: [OT] Cross-site scripting filters

2005-07-19 Thread Laurie Harper
Frank W. Zammetti wrote: If you wind up writing one and would be so inclined, feel free to contribute it to JWP :) If I end up writing one, I'll definitely contribute it or make it available somewhere! L. -- Laurie, Open Source advocate, Java geek and novice blogger:

Re: [OT] Cross-site scripting filters

2005-07-18 Thread Laurie Harper
Frank W. Zammetti wrote: Not a problem... http://javawebparts.sourceforge.net/javadocs/index.html In the javawebparts.filter package, you should see the CrossSiteScriptingFilter. This will filter any incoming parameters, and optionally attributes (good for if you're forwarding somewhere) for a

[OT] Cross-site scripting filters

2005-07-18 Thread Laurie Harper
Does anyone know of a good, complete implementation of a cross-site scripting filter for pre-processing user entered text that needs to be rendered as HTML? Obviously <c:out/> / ${fn:escapeXml()} / etc. aren't the right solution ;-) but there's nothing in standard JSTL or Struts (that I know of)

Re: [OT] Cross-site scripting filters

2005-07-18 Thread Laurie Harper
Thanks; I had a quick hunt through the Javadocs but couldn't see anything relevant. Can you give me a push in the right direction? ;-) L. Frank W. Zammetti wrote: I have one as part of Java Web Parts (http://javawebparts.sourceforge.net). Let me know if it suits your needs (and if not, let

Re: [OT] Cross-site scripting filters

2005-07-18 Thread Frank W. Zammetti
Not a problem... http://javawebparts.sourceforge.net/javadocs/index.html In the javawebparts.filter package, you should see the CrossSiteScriptingFilter. This will filter any incoming parameters, and optionally attributes (good for if you're forwarding somewhere) for a list of characters (you can

Re: [OT] Cross-site scripting filters

2005-07-18 Thread Craig McClanahan
On 7/18/05, Laurie Harper [EMAIL PROTECTED] wrote: Frank W. Zammetti wrote: Not a problem... http://javawebparts.sourceforge.net/javadocs/index.html In the javawebparts.filter package, you should see the CrossSiteScriptingFilter. This will filter any incoming parameters, and

Re: [OT] Cross-site scripting filters

2005-07-18 Thread Frank W. Zammetti
Yeah, wouldn't help you filter on output, but I pointed that out before :) Note that it does allow you to specify your own regex, so in reality you can filter for whatever you want. I did this specifically so when someone spots something I didn't think of it's easy to make it catch those

Re: [OT] Cross-site scripting filters

2005-07-18 Thread Frank W. Zammetti
And if you can't find that compression filter in Tomcat, JWP has one too :) Does GZip and Deflate actually :) Frank Craig McClanahan wrote: On 7/18/05, Laurie Harper [EMAIL PROTECTED] wrote: Frank W. Zammetti wrote: Not a problem...

Re: [OT] Cross-site scripting filters

2005-07-18 Thread Frank W. Zammetti
I have one as part of Java Web Parts (http://javawebparts.sourceforge.net). Let me know if it suits your needs (and if not, let me know the shortcomings so I can expand it!) -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Mon, July 18,

Re: [OT] Cross-site scripting filters

2005-07-18 Thread Laurie Harper
Craig McClanahan wrote: While the code in question here might not help you, the concept of a Filter still can. You can use Filters to monitor (and potentially modify) the output stream by providing a wrapper around the HttpServletResponse that the container hands you, with custom
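Craig's suggestion above is the servlet-spec mechanism for working on output rather than input: a Filter hands the rest of the chain an HttpServletResponseWrapper whose getWriter() points at a buffer, then inspects or rewrites the buffered page before it reaches the client. The following is an added example written for this page, not code from Craig, from Java Web Parts or from Struts. It uses the wrapper as a monitor, in Craig's words, rather than as a fixer: after the JSP has rendered, it checks whether any request parameter that contains markup-significant characters shows up verbatim in the HTML, which is the signature of a page that wrote user input without escaping. It assumes the javax.servlet API of the Servlet 2.4 era the thread is written in and Java 8 or later; ReflectedMarkupFilter, BufferedResponse and findReflected are names chosen here, and the web.xml filter-mapping that activates it is left to the deployer.

```java
import java.io.CharArrayWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

/**
 * Example filter written for this page (not part of JWP or Struts): buffers the
 * response body and reports request parameters that were reflected into the
 * HTML without escaping. Detection only; the body is forwarded unchanged.
 */
public class ReflectedMarkupFilter implements Filter {

    private static final Logger LOG = Logger.getLogger(ReflectedMarkupFilter.class.getName());

    /** Response wrapper that captures everything the page writes through getWriter(). */
    static final class BufferedResponse extends HttpServletResponseWrapper {
        private final CharArrayWriter buffer = new CharArrayWriter();
        private final PrintWriter writer = new PrintWriter(buffer);
        boolean streamed; // set when the page bypassed the writer and used the raw stream

        BufferedResponse(HttpServletResponse wrapped) {
            super(wrapped);
        }

        @Override
        public PrintWriter getWriter() {
            return writer;
        }

        /** Binary output goes straight to the real response; remember that so we leave it alone. */
        @Override
        public ServletOutputStream getOutputStream() throws IOException {
            streamed = true;
            return super.getOutputStream();
        }

        String body() {
            writer.flush();
            return buffer.toString();
        }
    }

    @Override
    public void init(FilterConfig config) {
    }

    @Override
    public void destroy() {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse http = (HttpServletResponse) response;
        BufferedResponse captured = new BufferedResponse(http);
        chain.doFilter(request, captured); // the JSP/servlet renders into our buffer
        if (captured.streamed) {
            return; // already on the wire, nothing buffered to inspect
        }
        String body = captured.body();
        String uri = ((HttpServletRequest) request).getRequestURI();
        for (String name : findReflected(request.getParameterMap(), body)) {
            LOG.warning("parameter '" + name + "' reflected unescaped into " + uri);
        }
        PrintWriter out = http.getWriter();
        out.write(body);
        out.flush();
    }

    /**
     * Names of parameters whose raw value contains markup-significant characters
     * and appears verbatim in the rendered body. A value that was escaped on
     * output would appear as &lt;... instead and therefore does not match.
     */
    static List<String> findReflected(Map<String, String[]> params, String body) {
        List<String> hits = new ArrayList<>();
        for (Map.Entry<String, String[]> entry : params.entrySet()) {
            for (String value : entry.getValue()) {
                if (hasMarkupChars(value) && body.contains(value)) {
                    hits.add(entry.getKey());
                    break;
                }
            }
        }
        return hits;
    }

    private static boolean hasMarkupChars(String value) {
        return value.indexOf('<') >= 0 || value.indexOf('>') >= 0
                || value.indexOf('"') >= 0 || value.indexOf('\'') >= 0;
    }
}
```

Map it in web.xml to the JSPs you want watched and feed the application a few parameters such as `<x>` or `"x` while testing; every warning names a template that needs escaping added. Two limits are worth knowing before relying on it: only output written through getWriter() is buffered (the wrapper notes when getOutputStream() was used and stays out of the way), and the check is an exact-substring match, so a value the page transformed before printing is not caught. That is also why the body is passed through unchanged: a filter that post-processes a fully rendered page cannot tell the application's own markup from a comment's, so the fix belongs at the rendering site, not in the filter.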

Re: [OT] Cross-site scripting filters

2005-07-18 Thread Laurie Harper
Frank W. Zammetti wrote: Yeah, wouldn't help you filter on output, but I pointed that out before :) True enough :) Note that it does allow you to specify your own regex, so in reality you can filter for whatever you want. I did this specifically so when someone spots something I didn't

Re: [OT] Cross-site scripting filters

2005-07-18 Thread Ed Griebel
So it seems like you want to a) render untrusted HTML, and b) render secure html. Sounds like the basic requirement is at odds? You could do something like slashdot and other BB systems do: restrict the amount of valid markup to make your parsing job easier. Another idea, one single regexp won't
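Ed's suggestion is the approach the blogging and wiki engines mentioned earlier in the thread take: decide which markup is allowed, rebuild only that, and treat everything else as text. It also answers Frank's regex point from a different direction: instead of enumerating the characters or tags to strip (a list that grows every time someone finds a new bypass), the allowlist enumerates what may survive, so anything unanticipated fails closed. As an added example, not code from any of the participants or from Java Web Parts, here is a small allowlist sanitizer in Java for the comment-rendering case Laurie describes. AllowlistHtml, its tag lists and the constructed sample comment in main are choices made for this page; Java 9 or later is assumed for Set.of.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Allowlist HTML sanitizer for user comments (example written for this page). */
public final class AllowlistHtml {
    /* Formatting tags that are re-emitted bare: every attribute is dropped. */
    private static final Set<String> PLAIN = Set.of(
            "b", "i", "em", "strong", "code", "p", "ul", "ol", "li", "blockquote");
    private static final Set<String> VOID = Set.of("br");
    /* The only attribute that survives is href on <a>, and only with an absolute http(s) URL,
       so entity-encoded or whitespace-padded "javascript:" schemes can never match. */
    private static final Pattern SAFE_HREF = Pattern.compile("^https?://[^\\s\\p{Cntrl}\"'<>]+$");
    private static final Pattern TAG = Pattern.compile("<(/?)([A-Za-z][A-Za-z0-9]*)([^<>]*)>");
    private static final Pattern HREF =
            Pattern.compile("(?i)\\bhref\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)'|([^\\s>]+))");

    private AllowlistHtml() {
    }

    public static String sanitize(String input) {
        StringBuilder out = new StringBuilder(input.length());
        Deque<String> open = new ArrayDeque<>();
        Matcher m = TAG.matcher(input);
        int pos = 0;
        while (m.find(pos)) {
            // Text between tags (including any '<' that is not a well-formed tag) is entity-escaped.
            out.append(escape(input.substring(pos, m.start())));
            pos = m.end();
            boolean closing = !m.group(1).isEmpty();
            String name = m.group(2).toLowerCase(Locale.ROOT);
            if (closing) {
                if (open.contains(name)) {
                    // Pop down to the matching tag so the output nesting stays balanced.
                    String t;
                    do {
                        t = open.pop();
                        out.append("</").append(t).append('>');
                    } while (!t.equals(name));
                }
                // A close tag that was never opened (or is not allowed) is dropped.
            } else if (VOID.contains(name)) {
                out.append("<br>");
            } else if (PLAIN.contains(name)) {
                out.append('<').append(name).append('>'); // attributes, e.g. onmouseover, are gone
                open.push(name);
            } else if (name.equals("a")) {
                String href = hrefOf(m.group(3));
                if (href != null && SAFE_HREF.matcher(href).matches()) {
                    out.append("<a href=\"").append(escape(href)).append("\" rel=\"nofollow\">");
                    open.push("a");
                }
                // An <a> without an acceptable href is dropped; its link text stays as text.
            }
            // Any other element (script, img, iframe, style, object, ...) is dropped entirely.
        }
        out.append(escape(input.substring(pos)));
        while (!open.isEmpty()) { // never let a comment leave markup open into the page
            out.append("</").append(open.pop()).append('>');
        }
        return out.toString();
    }

    private static String hrefOf(String attrs) {
        Matcher h = HREF.matcher(attrs);
        if (!h.find()) {
            return null;
        }
        for (int g = 1; g <= 3; g++) {
            if (h.group(g) != null) {
                return h.group(g).trim();
            }
        }
        return null;
    }

    static String escape(String s) {
        StringBuilder b = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': b.append("&amp;"); break;
                case '<': b.append("&lt;"); break;
                case '>': b.append("&gt;"); break;
                case '"': b.append("&quot;"); break;
                case '\'': b.append("&#39;"); break;
                default: b.append(c);
            }
        }
        return b.toString();
    }

    public static void main(String[] args) {
        // Constructed sample comment, not taken from any real site.
        String comment = "<b>hi</b> <a href=\"javascript:alert(1)\">x</a> "
                + "<a href=\"https://example.com/?a=1&b=2\">ok</a> "
                + "<script>alert(1)</script> <i onmouseover=\"evil()\">t <!-- c";
        System.out.println(sanitize(comment));
    }
}
```

On the sample comment the javascript: link is reduced to its text, the script element is dropped and its body printed as escaped text, the event handler on `<i>` disappears while the tag stays, the comment opener is escaped, the ampersand in the surviving href is re-encoded, and the unclosed `<i>` is closed at the end. The regex tag matcher is adequate for a formatting allowlist this small because every tag it fails to recognise becomes escaped text; if the allowed vocabulary grows toward real HTML (tables, images, nested attributes), switch to a proper HTML parser, since browsers' error recovery on malformed tags is far more forgiving than a regex and that gap is exactly where bypasses live.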

Re: [OT] Cross-site scripting filters

2005-07-18 Thread Laurie Harper
Ed Griebel wrote: So it seems like you want to a) render untrusted HTML, and b) render secure html. Sounds like the basic requirement is at odds? You could do something like slashdot and other BB systems do: restrict the amount of valid markup to make your parsing job easier. Ultimately,

Re: [OT] Cross-site scripting filters

2005-07-18 Thread Craig McClanahan
On 7/18/05, Laurie Harper [EMAIL PROTECTED] wrote: Ed Griebel wrote: So it seems like you want to a) render untrusted HTML, and b) render secure html. Sounds like the basic requirement is at odds? You could do something like slashdot and other BB systems do: restrict the amount of valid