package lol.gilliard;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import java.io.IOException;
import static org.jsoup.safety.Whitelist.basicWithImages;
/**
 * Shows allow-list HTML sanitisation with jsoup: the same untrusted snippet is printed once
 * as parsed (inline event handler intact) and once after {@code Jsoup.clean}.
 *
 * <p>Security notes for readers adapting this example:
 * <ul>
 *   <li>Parsing is not sanitising. {@code Jsoup.parseBodyFragment} builds a DOM from whatever
 *       markup it is given, so the {@code onclick} attribute is still present in the first
 *       printout.</li>
 *   <li>{@code Jsoup.clean} keeps only the elements and attributes named by the allow-list
 *       passed to it; {@code basicWithImages()} does not list event-handler attributes, so
 *       {@code onclick} is dropped from the second printout.</li>
 *   <li>The cleaned string is meant for insertion as HTML body content. Other output contexts
 *       (attribute values, script blocks, URLs) need their own encoding.</li>
 *   <li>Later jsoup releases rename {@code Whitelist} to {@code Safelist}; the static import
 *       used here has to follow when the dependency is upgraded.</li>
 * </ul>
 */
public class Example4 {

    /**
     * Prints the unsanitised and the sanitised form of a fixed HTML snippet to standard output.
     *
     * @param args unused
     * @throws IOException declared by the original signature; no call in the body is visibly
     *     checked for it
     */
    public static void main(String[] args) throws IOException {
        // Stand-in for untrusted user input: a link carrying an inline onclick handler.
        final String untrustedHtml = "Check out my cool website: <a href='http://example.com' onclick='javascript: extractUsersSessionId()'>It's right here</a>";

        // Parsed but NOT cleaned: the event-handler attribute survives in the DOM.
        printBodyNodes("Dangerous HTML:", Jsoup.parseBodyFragment(untrustedHtml));

        // Allow-list cleaning: anything not named by basicWithImages() is stripped.
        final String sanitisedHtml = Jsoup.clean(untrustedHtml, basicWithImages());
        printBodyNodes("Safe HTML:", Jsoup.parseBodyFragment(sanitisedHtml));
    }

    /**
     * Writes {@code label} without a trailing newline, then each child node of the
     * fragment's body on its own line.
     */
    private static void printBodyNodes(String label, Document fragment) {
        System.out.print(label);
        for (Object node : fragment.body().childNodes()) {
            System.out.println(node);
        }
    }
}