Apache Roller: ROL-1727

XSS filtering for comments and blog posts


      Description

      This set of classes will filter potential XSS attacks from comments and blog posts. Without it, users could potentially use an XSS attack to take over an admin account (for example).

      This uses AntiSamy (http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project) to remove potential attack vectors. The attached AntiSamy jar has been modified to support config loading from the classpath, instead of from the file system.

      To build, copy the classes to the appropriate locations in your source tree and the AntiSamy jar to the WEB-INF\lib directory.

      To use, add

          <filter>
              <filter-name>JavaScriptStrippingFilter</filter-name>
              <filter-class>org.apache.roller.myedna.filters.JavaScriptStrippingFilter</filter-class>
          </filter>

      and

          <filter-mapping>
              <filter-name>JavaScriptStrippingFilter</filter-name>
              <url-pattern>/*</url-pattern>
          </filter-mapping>

      to your web.xml.

        Attachments

        1. antisamy-bin.1.1.1.jar (1.91 MB) - Nick Lothian
        2. antisamy-myspace-1.1.1.xml (76 kB) - Nick Lothian
        3. JavaScriptStrippingFilter.java (3 kB) - Nick Lothian
        4. Utils.java (0.7 kB) - Nick Lothian

            People

            Assignee: snoopdave David M. Johnson
            Reporter: nlothian Nick Lothian