Frank W. Zammetti wrote:
If you wind up writing one and would be so inclined, feel free to
contribute it to JWP :)
If I end up writing one, I'll definitely contribute it or make it available
somewhere!
L.
--
Laurie, Open Source advocate, Java geek and novice blogger:
http://www.holoweb.net/l
If you wind up writing one and would be so inclined, feel free to
contribute it to JWP :)
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
On Tue, July 19, 2005 3:21 pm, Laurie Harper said:
> Craig McClanahan wrote:
>> I would imagine pretty m
Craig McClanahan wrote:
I would imagine pretty much any blogging software that allows
restricted HTML in comments (or pretty much any Wiki software that
accepts some HTML for formatting, for that matter) has dealt with this
kind of issue. Might be worth spelunking open source versions of
those p
On 7/18/05, Laurie Harper <[EMAIL PROTECTED]> wrote:
> Ed Griebel wrote:
> > So it seems like you want to a) render untrusted HTML, and b) render
> > secure html. Sounds like the basic requirement is at odds? You could
> > do something like slashdot and other BB systems do: restrict the
> > amount
Ed Griebel wrote:
So it seems like you want to a) render untrusted HTML, and b) render
secure html. Sounds like the basic requirement is at odds? You could
do something like slashdot and other BB systems do: restrict the
amount of valid markup to make your parsing job easier.
Ultimately, restri
So it seems like you want to a) render untrusted HTML, and b) render
secure html. Sounds like the basic requirement is at odds? You could
do something like slashdot and other BB systems do: restrict the
amount of valid markup to make your parsing job easier.
Another idea, one single regexp won't d
Frank W. Zammetti wrote:
Yeah, wouldn't help you filter on output, but I pointer that out before :)
True enough :)
Note that it does allow you to specify your own regex, so in reality you
can filter for whatever you want. I did this specifically so when
someone spots something I didn't thin
Craig McClanahan wrote:
While the code in question here might not help you, the concept of a
Filter still can. You can use Filters to monitor (and potentially
modify) the output stream by providing a wrapper around the
HttpServletResponse that the container hands you, with custom
implementations
I have one as part of Java Web Parts
(http://javawebparts.sourceforge.net). Let me know if it suits your needs
(and if not, let me know the shortcomings so I can expand it!)
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
On Mon, July 18, 200
And if you can't find that compression filter in Tomcat, JWP has one too
:) Does GZip and Deflate actualy :)
Frank
Craig McClanahan wrote:
On 7/18/05, Laurie Harper <[EMAIL PROTECTED]> wrote:
Frank W. Zammetti wrote:
Not a problem...
http://javawebparts.sourceforge.net/javadocs/index.ht
Yeah, wouldn't help you filter on output, but I pointer that out before :)
Note that it does allow you to specify your own regex, so in reality you
can filter for whatever you want. I did this specifically so when
someone spots something I didn't think of it's easy to make it catch
those too.
On 7/18/05, Laurie Harper <[EMAIL PROTECTED]> wrote:
> Frank W. Zammetti wrote:
>
> > Not a problem...
> >
> > http://javawebparts.sourceforge.net/javadocs/index.html
> >
> > In the javawebparts.filter package, you should see the
> > CrossSiteScriptingFilter.
> >
> > This will filter any incoming
Not a problem...
http://javawebparts.sourceforge.net/javadocs/index.html
In the javawebparts.filter package, you should see the
CrossSiteScriptingFilter.
This will filter any incoming parameters, and optionally attributes (good
for if your forwarding somewhere) for a list of characters (you can
Thanks; I had a quick hunt through the Javadocs but couldn't see anything
relevant. Can you give me a push in the right direction? ;-)
L.
Frank W. Zammetti wrote:
I have one as part of Java Web Parts
(http://javawebparts.sourceforge.net). Let me know if it suits your needs
(and if not, let m
Does anyone know of a good, complete implementation of a cross-site
scripting filter for pre-processing user entered text that needs to be
rendered as HTML? Obviously / ${fn:escapeXml()} / etc. aren't the
right solution ;-) but there's nothing in standard JSTL or Struts (that I
know of) that i
Frank W. Zammetti wrote:
Not a problem...
http://javawebparts.sourceforge.net/javadocs/index.html
In the javawebparts.filter package, you should see the
CrossSiteScriptingFilter.
This will filter any incoming parameters, and optionally attributes (good
for if your forwarding somewhere) for a
16 matches
Mail list logo
