You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@openmeetings.apache.org by rahul bhola <rb...@gmail.com> on 2013/10/23 16:09:55 UTC

solution to the code injection thing

for the js code injection we could use some thing similar to
http://htmlpurifier.org/
the above framework is in PHP. the same could be ported to java. It is
basically based on the logic of whitelisting tags although some
modifications need to be made in our case cause we used <a> tag to inject
the script yet i think that  a similar structure could work against code
injection for us

regards
Rahul