Prevent Xss injection in user generated content, JSOUP
posted 1 year ago
I'm writing sort of an "what you see is what you get " editor where user can post image with style, tables and also charts from the google API.
To prevent XSS injection I was thinking about using JSOUP together with a mark up language I would create specifically for the task. Since I'm a bit new to this XSS thing ( I use jsf which is well equipped against it) I was hoping I could have tips or
if someone could put me on the right track as I'm not totally sure using my own mark up language is needed and if JSOUP alone could do what I want. I did test JSOUP a bit but I'm not completly understanding it so far, as vanilla whitelists are not enough
to do what I'm trying to do and I'm a bit afraid of adding tags to the whitelist. So is using my own markup language safer ?
The content of what an user could submit could look like this: (I took this directly from the dev tool consol so this is an actual output, I just formatted it - and removed most of the code- if you notice br tags aren't closing that's not me, that's google).