jsoup - Sanitize HTML


Advertisements

Following example will showcase prevention of XSS attacks or cross-site scripting attack.

Syntax

String safeHtml =  Jsoup.clean(html, Whitelist.basic());  

Where

  • Jsoup − main class to parse the given HTML String.

  • html − Initial HTML String.

  • safeHtml − Cleaned HTML.

  • Whitelist − Object to provide default configurations to safeguard html.

  • clean() − cleans the html using Whitelist.

Description

Jsoup object sanitizes an html using Whitelist configurations.

Example

Create the following java program using any editor of your choice in say C:/> jsoup.

JsoupTester.java

import org.jsoup.Jsoup;
import org.jsoup.safety.Whitelist;

public class JsoupTester {
   public static void main(String[] args) {

      String html = "<p><a href='http://example.com/'"
         +" onclick='checkData()'>Link</a></p>";

      System.out.println("Initial HTML: " + html);
      String safeHtml =  Jsoup.clean(html, Whitelist.basic());

      System.out.println("Cleaned HTML: " +safeHtml);
   }
}

Verify the result

Compile the class using javac compiler as follows:

C:\jsoup>javac JsoupTester.java

Now run the JsoupTester to see the result.

C:\jsoup>java JsoupTester

See the result.

Initial HTML: <p><a href='http://example.com/' onclick='checkData()'>Link</a></p>
Cleaned HTML: <p><a href="http://example.com/" rel="nofollow">Link</a></p>
Advertisements