xss-sanitizer | PHP XSS sanitizer tool for HTML | Hacking library
kandi X-RAY | xss-sanitizer Summary
PHP XSS sanitizer tool for HTML.
Top functions reviewed by kandi - BETA
- Filters the given string.
- Run the given string filters.
- Applies all filters.
xss-sanitizer Key Features
xss-sanitizer Examples and Code Snippets
$sanitizer = new \Phlib\XssSanitizer\Sanitizer();
$sanitized = $sanitizer->sanitize($htmlInput);
Community Discussions
Trending Discussions on xss-sanitizer
QUESTION
We have a grails 3.1.10 restful service that takes in json data on the http post. This data can contain html/javascript which is not desired.
Using encodeAsHTML and the xss-sanitizer plugin XssSanitizerUtil.stripXSS methods I can see how to sanitize an individual string, but how can I push this to a higher scope through filters or something so that when request.JSON is used in the controller it has already been sanitized?
Or is there already another easier way to accomplish this?
...ANSWER
Answered 2019-Mar-11 at 18:00
I created an interceptor to apply to the appropriate controllers. In it I made a copy of the JSON parse(HttpServletRequest request) method. Near the end of the method where it parses the inputStream I plugged in my Sanitizer class that uses xss-sanitizer:
QUESTION
I am using grails-xss-sanitizer in my Grails application in v3.2.11. When I tried to upgrade my application to the latest 3.3.4, it reported the issue below:
[2018-04-11 11:16:37,627] [main] ERROR o.s.b.SpringApplication - Application startup failed
java.lang.NoClassDefFoundError: org/springframework/boot/context/embedded/FilterRegistrationBean
    at grails.plugin.xss.sanitizer.XssSanitizerGrailsPlugin$_doWithSpring_closure1.doCall(XssSanitizerGrailsPlugin.groovy:38)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springsource.loaded.ri.ReflectiveInterceptor.jlrMethodInvoke(ReflectiveInterceptor.java:1427)
    at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:98)
    at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
    at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:264)
    at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1034)
    at groovy.lang.Closure.call(Closure.java:418)
    at groovy.lang.Closure.call(Closure.java:412)
    at grails.spring.BeanBuilder.invokeBeanDefiningClosure(BeanBuilder.java:759)
    at grails.spring.BeanBuilder.beans(BeanBuilder.java:588)
    at grails.spring.BeanBuilder.invokeMethod(BeanBuilder.java:531)
    at org.grails.plugins.DefaultGrailsPlugin.doWithRuntimeConfiguration(DefaultGrailsPlugin.java:559)
    at org.grails.plugins.AbstractGrailsPluginManager.doRuntimeConfiguration(AbstractGrailsPluginManager.java:167)
    at grails.boot.config.GrailsApplicationPostProcessor.postProcessBeanDefinitionRegistry(GrailsApplicationPostProcessor.groovy:171)
    at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanDefinitionRegistryPostProcessors(PostProcessorRegistrationDelegate.java:272)
    at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:122)
    at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:687)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:525)
    at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
    at grails.boot.GrailsApp.run(GrailsApp.groovy:84)
    at grails.boot.GrailsApp.run(GrailsApp.groovy:393)
    at grails.boot.GrailsApp.run(GrailsApp.groovy:380)
    at grails.boot.GrailsApp$run.call(Unknown Source)
    at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)
    at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116)
    at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:136)
    at com.the41.fraudnet.Application.main(Application.groovy:28)
Caused by: java.lang.ClassNotFoundException: org.springframework.boot.context.embedded.FilterRegistrationBean
    at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    ... 34 common frames omitted
FAILURE: Build failed with an exception.
- What went wrong: Execution failed for task ':bootRun'.
Process 'command '/opt/jdk1.8.0_131/bin/java'' finished with non-zero exit value 1
I saw in the Grails 3.3.x upgrade notes:
Spring Boot 1.5.x - supported in grails 3.3.x
Spring Boot 1.5.x removes a number of deprecated classes, notably several of the classes within the org.springframework.boot.context.embedded package.
If your application is referencing any of the classes within this package you will need to alter your imports to use org.springframework.boot.web.servlet instead.
All classes in the org.springframework.boot.context.web package have been deprecated and relocated per the Spring Boot 1.4 Release Notes.
And the xss-sanitizer plugin is using the classes defined in the package "org.springframework.boot.context.embedded".
So, are there any plans for an upgrade of the xss-sanitizer plugin for Grails 3.3.x, or any workaround for this issue?
...ANSWER
Answered 2018-Apr-11 at 14:54
There is no reasonable workaround to this other than to upgrade the plugin.
It appears that the plugin is being upgraded; see source here https://github.com/rpalcolea/grails-xss-sanitizer/blob/master/gradle.properties that references grails version 3.3.0. You may also want to track or comment on this issue: https://github.com/rpalcolea/grails-xss-sanitizer/issues/1 since it describes the problem that you are seeing.
QUESTION
I am using this Grails 3 plugin for sanitizing XSS from the user input. It is using regular expressions to filter out unwanted content. One of these expressions is:
...ANSWER
Answered 2018-Jan-23 at 11:08
As a disclaimer, we should not in general be using regex to filter nested HTML content (and really any HTML content). But since the OP appears to be using a tool which is doing this, there may not be an easy workaround.
The following pattern appears to work, and fires only on
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install xss-sanitizer
PHP requires the Visual C runtime (CRT). The Microsoft Visual C++ Redistributable for Visual Studio 2019 is suitable for all these PHP versions, see visualstudio.microsoft.com. You MUST download the x86 CRT for PHP x86 builds and the x64 CRT for PHP x64 builds. The CRT installer supports the /quiet and /norestart command-line switches, so you can also script it.