I have some input containing HTML like etc. I need a way to escape only the "bad" HTML that exposes my si
You might want to just escape all HTML. If you want users to be able to use basic HTML tags like <b> or <i>, then you could just replace them with [b] and [i] (if your forum/whatever you're creating can use BBCode), then replace all "<" and ">" with "&lt;" and "&gt;".
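The approach the answer above describes, as an added example that is not part of the original post: rewrite an allow-list of bare tags to BBCode first, then entity-escape every remaining angle bracket, and only afterwards render the BBCode back to HTML. The allow-list (`b` and `i`), the function names and the sample input are assumptions made for this illustration.

```python
import html
import re

# Tags the site chooses to allow; everything else is escaped verbatim.
# The allow-list is an assumption for this example.
ALLOWED_TAGS = ("b", "i")


def html_to_bbcode_safe(text: str) -> str:
    """Convert allowed bare tags to BBCode, then escape all other markup.

    Order matters: the allowed tags are rewritten to [b]/[i] first, so the
    escaping pass that follows cannot leave any literal '<' or '>' behind.
    Only the bare form of a tag qualifies: '<b onclick="...">' carries an
    attribute, does not match, and is escaped like any other markup.
    """
    for tag in ALLOWED_TAGS:
        text = re.sub(rf"<{tag}\s*>", f"[{tag}]", text, flags=re.IGNORECASE)
        text = re.sub(rf"</{tag}\s*>", f"[/{tag}]", text, flags=re.IGNORECASE)
    # quote=True also turns '"' and "'" into entities, so the result is safe
    # inside attribute values as well as in element content.
    return html.escape(text, quote=True)


def bbcode_to_html(text: str) -> str:
    """Render BBCode back to the allowed HTML tags only.

    Call this on the output of html_to_bbcode_safe: by then the only '<'
    and '>' characters in the string are the ones this function emits.
    """
    for tag in ALLOWED_TAGS:
        text = text.replace(f"[{tag}]", f"<{tag}>").replace(f"[/{tag}]", f"</{tag}>")
    return text


def render_untrusted(text: str) -> str:
    """Full pipeline: untrusted HTML in, markup limited to ALLOWED_TAGS out."""
    return bbcode_to_html(html_to_bbcode_safe(text))


if __name__ == "__main__":
    # Constructed sample input, not data from the original page.
    sample = 'Hello <b>world</b> <script>alert(1)</script> <b onclick="x">bad</b>'
    print(render_untrusted(sample))
```

Note that the BBCode-to-HTML pass only ever emits the tags in `ALLOWED_TAGS`, which is what keeps the output free of script, event handlers and other unwanted markup regardless of what the input contained.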
Play Framework 2 already offers a solution: the @Html() function filters bad HTML, which is really nice. I really love Play 2.
Google caja is a tool for making third party HTML, CSS and JavaScript safe to embed in your website.
OWASP AntiSamy is a project for just that. If you need users to be able to submit structured text, look at markdown (imho a lot better than BBCode).