
What is a better way to filter sensitive words in XSS?

jackyli0420 edited on Wed, 22 Sep 2021

Java Web project

In the content submitted by POST, there are many inputs that do not need sensitive-word filtering or XSS special-character filtering.

For example, the options of a select drop-down box, whose input is fixed content.

Only the text box input needs to be filtered.

If you use a filter, it filters all the input.

That's obviously not very good; it's too expensive.

What is a better way to filter sensitive words in XSS?

What I do now:

// Override in a HttpServletRequestWrapper subclass: applied to every parameter that is read
@Override
public String getParameter(String name) {
    String value = super.getParameter(name);
    if (value != null) {
        value = filterSensitiveWords(value); // filterSensitiveWords is our own helper
    }
    return value;
}

But this can't treat inputs differently. The key is how to treat them differently.

7 Replies
computernoob2012
commented on Wed, 22 Sep 2021

As long as the content is user generated, it should be "displayed as is". Both the back-end template and the front-end framework have relevant mechanisms.
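computernoob2012's point is that user-generated content is stored verbatim and escaped only where it is rendered, with the escaping chosen per output context. The following is an added example, not code from the thread or from any framework; the class and method names are mine, and a maintained library such as the OWASP Java Encoder is the right choice in production.

```java
// Added example (not the thread's code): escape user-generated content at the
// point of output, once per rendering context, and keep the stored value as
// the user typed it. Covers the HTML text and quoted-attribute contexts only;
// JavaScript string, URL and CSS contexts need their own encoders.
public final class HtmlOutput {

    // For text between tags, e.g. <p>...</p>: the five characters that can
    // open a tag, start an entity or terminate a quoted value.
    public static String forHtmlText(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // For a value inside a double- or single-quoted attribute, e.g.
    // <input value="...">. Everything except ASCII letters and digits becomes
    // a numeric character reference, which covers both quote characters.
    // The template must still put quotes around the attribute value.
    public static String forHtmlAttribute(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length() * 3);
        s.codePoints().forEach(cp -> {
            boolean safe = (cp >= 'a' && cp <= 'z') || (cp >= 'A' && cp <= 'Z')
                        || (cp >= '0' && cp <= '9');
            if (safe) {
                sb.appendCodePoint(cp);
            } else {
                sb.append("&#").append(cp).append(';');
            }
        });
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample comment, stored exactly as the user submitted it.
        String comment = "Tom & \"Jerry\" <b>said</b> 'hi'";
        // The same stored value rendered into two different HTML contexts.
        System.out.println("<p>" + forHtmlText(comment) + "</p>");
        System.out.println("<input type=\"text\" value=\""
                + forHtmlAttribute(comment) + "\">");
    }
}
```

The stored comment is never modified; each template call site picks the encoder for the context it writes into, so the same field can be shown in a paragraph and in an attribute without either rendering breaking the page.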

openHBP
commented on Thu, 23 Sep 2021

The data generated by the front end is not reliable, and anyone who knows the business can easily bypass the various validation rules set on the front end. For the sake of security, the back end should filter all data coming from the front end before storing it in the database. This performance cost is far more worthwhile than leaving security risks.

user33276346
commented on Thu, 23 Sep 2021

You can customize the text box input HTML tag with a special attribute. Add this attribute to the input tags you want filtered, and the back end decides whether to filter according to that attribute.
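One way to make the wrapper from the question treat fields differently, following user33276346's per-field idea but with the policy declared on the server rather than read from an attribute in the submitted form (a client can remove any marker attribute from what it sends, so a server-side declaration is what actually decides). This is an added example, not the thread's code; the field names, the allowed values and the word list are hypothetical, and it targets Java 11 or later.

```java
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Added example: the per-field policy lives on the server, so a client cannot
// opt a field out of filtering by editing the form it submits. Field names,
// allowed values and the word list are hypothetical.
public class FieldPolicyRequestWrapper extends HttpServletRequestWrapper {

    // Fixed-choice fields (select boxes, radio groups) and their only accepted values.
    private static final Map<String, Set<String>> FIXED_CHOICES = Map.of(
        "category", Set.of("news", "sports", "tech"),
        "visibility", Set.of("public", "private"));

    // Free-text fields: the only ones that get sensitive-word filtering.
    private static final Set<String> FREE_TEXT = Set.of("title", "body");

    // Hypothetical word list; a real deployment loads it from configuration.
    private static final Pattern SENSITIVE_WORDS =
        Pattern.compile("badword|worseword", Pattern.CASE_INSENSITIVE);

    public FieldPolicyRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    @Override
    public String getParameter(String name) {
        return applyPolicy(name, super.getParameter(name));
    }

    @Override
    public String[] getParameterValues(String name) {
        String[] values = super.getParameterValues(name);
        if (values == null) return null;
        String[] out = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            out[i] = applyPolicy(name, values[i]);
        }
        return out;
    }

    // Decide per field: validate fixed choices, filter free text, drop the rest.
    static String applyPolicy(String name, String value) {
        if (value == null) return null;
        Set<String> allowed = FIXED_CHOICES.get(name);
        if (allowed != null) {
            // A value outside the allow-list means the form was altered; returning
            // null makes the handler see the field as missing instead of storing
            // attacker-chosen text for a field that was never free text.
            return allowed.contains(value) ? value : null;
        }
        if (FREE_TEXT.contains(name)) {
            return filterSensitiveWords(value);
        }
        // Not a field this form declares: ignore it.
        return null;
    }

    // Replace each sensitive word with asterisks of the same length.
    static String filterSensitiveWords(String text) {
        StringBuilder sb = new StringBuilder();
        Matcher m = SENSITIVE_WORDS.matcher(text);
        while (m.find()) {
            m.appendReplacement(sb, "*".repeat(m.group().length()));
        }
        m.appendTail(sb);
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs standing in for submitted form parameters.
        System.out.println(applyPolicy("category", "tech"));          // fixed choice, listed
        System.out.println(applyPolicy("category", "<script>"));      // fixed choice, not listed
        System.out.println(applyPolicy("body", "some BadWord here")); // free text
        System.out.println(applyPolicy("debug", "anything"));         // field the form does not declare
    }
}
```

The wrapper is installed from a servlet Filter in the usual way (wrap the request and pass the wrapper down the chain); because only the declared free-text fields reach the word filter, the per-request cost is bounded by those fields rather than by every parameter. Validating fixed-choice fields against an allow-list is cheaper than filtering them and also rejects values the form could never have produced. Word filtering on input does not by itself prevent XSS, so output encoding at render time is still needed for whatever is stored.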

ThaSami
commented on Thu, 23 Sep 2021

Depending on the content format: if it's JS, consider Apache Commons Lang's JavaScript escape method.

OTRAY
commented on Thu, 23 Sep 2021

You can use someone else's service, such as dun.163.com from 163.

Hamuel
commented on Thu, 23 Sep 2021

Filter everything uniformly, and handle rich text with its own separate filtering.

user5673191
commented on Fri, 24 Sep 2021

https://github.com/yujunhao88...

This question has been locked and the reply function has been disabled.