Lionel Holt
Member since Jun 2, 2022
- Profile: /members/14559-lionel-holt.htm
- Comments: 3
Recent Blog Comments By Lionel Holt
-
Using The OWASP Java HTML Sanitizer In Lucee CFML 5.3.7.48 To Sanitize HTML Input And Prevent XSS Attacks
Posted on Jun 18, 2022 at 8:46 PM
Looking at the GitHub repo for Lucee's ESAPI extension, I see that the commit was actually farther back on Feb 23, but apparently it wasn't until April when Jake01 in the dev forum asked about sanitizing HTML that it was then announced and bundled in Lucee 5.3.9 RC3. The responsiveness...
-
Using The OWASP Java HTML Sanitizer In Lucee CFML 5.3.7.48 To Sanitize HTML Input And Prevent XSS Attacks
Posted on Jun 17, 2022 at 5:11 PM
I did some experimenting with jsoup and found that even with the relaxed Safelist, it's removing things I don't want it to, such as style and target attributes. I assume the default behavior can be modified, but that's also true of OWASP. For years I've been using jsoup for parsing links from...
-
Using The OWASP Java HTML Sanitizer In Lucee CFML 5.3.7.48 To Sanitize HTML Input And Prevent XSS Attacks
Posted on Jun 2, 2022 at 1:21 PM
Ben, do you have experience with how OWASP's Sanitizer compares vs jsoup's Cleaner?...