Hi Eric...
I tried using the OWASP ESAPI project. It works fine. But it cleans the malicious content, like script tags etc.
What I want is to allow some tags in my view email page such as <b> but encode script tag as <script>
Composed mail will look like this:
<b>someText</b>
<script>alert('xss')</script>
Viewing the mail will look like this:
someText
<script>alert('xss')</script>
Are there any standard Java tools/jars available which will do this? Because most of the things I saw encode everything or strip off script tags, etc.
Or should I try writing the entire thing from scratch?
Thanks again...
Abhishek...
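
An added example, not part of the original post and not ESAPI code: one way to get the behaviour asked for above in plain Java is to HTML-encode the whole message first and then restore only exact, attribute-free tags from an allowlist. The class name, method names and the tag allowlist are assumptions chosen for illustration, and the sample mail is constructed.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AllowlistEncoder {
    // Assumed allowlist of formatting tags. Only the bare form is matched,
    // so a tag carrying attributes (event handlers, style, ...) stays encoded.
    private static final Pattern ALLOWED =
        Pattern.compile("&lt;(/?)(b|i|u|em|strong)&gt;", Pattern.CASE_INSENSITIVE);

    // Step 1: HTML-encode every character that is significant in HTML.
    static String encodeAll(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Step 2: restore only the encoded forms of allowlisted tags.
    // Because '&' was encoded in step 1, text the sender typed as a literal
    // "&lt;b&gt;" becomes "&amp;lt;b&amp;gt;" and is not restored by mistake.
    // Tag balancing is not checked here; an unclosed <b> affects layout only.
    static String render(String untrusted) {
        Matcher m = ALLOWED.matcher(encodeAll(untrusted));
        return m.replaceAll("<$1$2>");
    }

    public static void main(String[] args) {
        // Constructed sample mail: an allowed tag, a script tag, and an
        // allowed tag name carrying an attribute.
        String mail = "<b>someText</b>\n"
                    + "<script>alert('xss')</script>\n"
                    + "<b onmouseover=\"x()\">hover</b>";
        System.out.println(render(mail));
    }
}
```

The order matters: encoding everything first means anything not explicitly restored stays inert, which is safer than trying to find and remove the dangerous tags.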