Can OWASP Java HTML Sanitizer be used in a JSP file?


gordo...@gmail.com

Apr 28, 2014, 6:09:00 PM
to owasp-java-html-...@googlegroups.com
Is the HTML Sanitizer only for Java and not for use inside a JSP page?

In my JSP page I've used:

<%@page import="org.owasp.html.HtmlPolicyBuilder"%>
<%@page import="org.owasp.html.Sanitizers" %>
..
..
..

out.println(Sanitizers.FORMATTING.sanitize("<b>Hello, World!</b>"));

I'm getting an error

HTTP Status 500 - Unable to compile class for JSP:


type Exception report

message Unable to compile class for JSP:

description The server encountered an internal error that prevented it from fulfilling this request.

exception

org.apache.jasper.JasperException: Unable to compile class for JSP: 

An error occurred at line: 11 in the generated java file
Only a type can be imported. org.owasp.html.HtmlPolicyBuilder resolves to a package

An error occurred at line: 12 in the generated java file
Only a type can be imported. org.owasp.html.Sanitizers resolves to a package

An error occurred at line: 362 in the jsp file: /login.jsp
Sanitizers.FORMATTING cannot be resolved to a type
359:                             out.println("&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;      Yes url encoding: " + Encode.forUriComponent(currentgg)+ "<br>");
360:                             out.println("Yes Javascript encoding: " + Encode.forJavaScriptBlock(currentgg)+ "<br>");
361: 
362:                             out.println(Sanitizers.FORMATTING.sanitize("<b>Hello, World!</b>"));
363: 
364:                         %>
365:

Thanks,
Gordon

Mike Samuel

Apr 28, 2014, 6:14:54 PM
to owasp-java-html-...@googlegroups.com
This looks like a classpath error to me since both of those qualified
names name a class. How are you telling your container that you
depend on the sanitizer JARs?

gordo...@gmail.com

Apr 28, 2014, 6:42:13 PM
to owasp-java-html-...@googlegroups.com, mikes...@gmail.com
I've set my classpath environment in Windows: C:\code\portal\lib\third-party\*  which includes all 3 required jars.
I'm using IntelliJ, added the jars to build.xml, placed the jars inside ..\third-party\ , added the jars to the project library via File -> Project Structure -> + -> found the 3 jars and added them, then in my JSP page, I did the imports.  See the other threads.  I'm kind of new to IntelliJ.  I didn't have a problem with the OWASP Java Encoder jar files.

Question:  Is the Java HTML Sanitizer only for Java and not for JSP scriptlets?  The other week, I was learning Log4J x1 and later discovered that was primarily for Java and not for JSP.

Thanks,
Gordon
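A diagnostic JSP for the classpath question in this thread, added here as an example and not posted by anyone in it: a scriptlet is ordinary Java compiled by the container, so the sanitizer can be called from a JSP once its jars are visible to the web application's class loader, and this page reports that per class. Assumptions: a servlet container using the Jasper JSP compiler (as in the stack trace), the file name `sanitizer-check.jsp` is hypothetical, and `org.owasp.encoder.Encode` is the Java Encoder class behind the `Encode.forUriComponent` calls in the question.

```jsp
<%-- sanitizer-check.jsp (hypothetical name): added diagnostic, not from the thread.
     It does not import org.owasp.html.*, so it still compiles when the jars are missing.
     Delete it after use: it prints server-side paths. --%>
<%@ page contentType="text/plain; charset=UTF-8" %>
<%@ page import="java.security.CodeSource" %>
<%
    String[] names = {
        "org.owasp.encoder.Encode",          // Java Encoder: already resolves in the poster's JSP
        "org.owasp.html.HtmlPolicyBuilder",  // the two imports Jasper rejected
        "org.owasp.html.Sanitizers"
    };

    // During a request the context class loader is the web application's loader.
    // A class is only usable from a scriptlet if this loader (or a parent) can see it.
    ClassLoader webapp = Thread.currentThread().getContextClassLoader();
    out.println("webapp class loader: " + webapp);

    // May print null when the application is deployed as an unexpanded WAR.
    out.println("WEB-INF/lib on disk: " + application.getRealPath("/WEB-INF/lib"));
    out.println();

    for (int i = 0; i < names.length; i++) {
        String name = names[i];
        try {
            // initialize=false: locate the class without running its static initializers
            Class<?> c = Class.forName(name, false, webapp);
            CodeSource src = c.getProtectionDomain().getCodeSource();
            out.println("FOUND    " + name + "  <-  "
                    + (src == null ? "(location unknown)" : String.valueOf(src.getLocation())));
        } catch (ClassNotFoundException e) {
            // The jar holding this class is not visible to the web application
            out.println("MISSING  " + name);
        } catch (LinkageError e) {
            // The class was found but one of its own dependencies is missing or incompatible
            out.println("BROKEN   " + name + "  (" + e + ")");
        }
    }
%>
```

If `Encode` is reported as FOUND and the two `org.owasp.html` classes as MISSING, the jar location printed for `Encode` shows which directory the deployed application actually loads libraries from.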