The DeXSS project provides a SAX2 parser to help protect against cross-site scripting (XSS) attacks.
DeXSS uses TagSoup to parse potentially malformed input, followed by a SAX2 filter pipeline to remove JavaScript from HTML.
You can use the DeXSS parser in place of your existing SAX2 parser, or you can use the DeXSS utility to provide a string-to-string conversion.
Requirements:
· TagSoup
How to build
1. Obtain tagsoup-1.1.jar from http://tagsoup.info. (If you need to change the TagSoup version, edit the file etc/build/build.properties.)
2. Place it in the dexss-1.0.0 directory.
3. Type ant dist docs-api -emacs
How to test
1. Test for false positives
java -classpath tagsoup-1.1.jar:dist/lib/dexss-1.0.0.jar com.xerox.adoc.dexss.Test tests/benign/*.txt
or, on Windows (where the classpath separator is a semicolon):
java -classpath tagsoup-1.1.jar;dist/lib/dexss-1.0.0.jar com.xerox.adoc.dexss.Test tests/benign/*.txt
2. Test for false negatives
java -classpath tagsoup-1.1.jar:dist/lib/dexss-1.0.0.jar com.xerox.adoc.dexss.Test tests/xss/*.txt
or, on Windows (where the classpath separator is a semicolon):
java -classpath tagsoup-1.1.jar;dist/lib/dexss-1.0.0.jar com.xerox.adoc.dexss.Test tests/xss/*.txt