Issue 18524

XSS option in dataset description and elsewhere

Reporter: hoefft
Assignee: cgendreau
Type: Improvement
Summary: XSS option in dataset description and elsewhere
Description: There are occasions where we insert HTML directly from the data provided by the publisher. That opens the door for XSS. We should escape dangerous tags. For occurrences it might make sense to remove tags altogether. For dataset descriptions and the like, we could remove scripts and iframes.
Priority: Unassessed
Resolution: Fixed
Status: Closed
Created: 2016-06-13 13:16:46.79
Updated: 2017-10-10 16:02:31.194
Resolved: 2017-10-10 16:02:31.175


Author: cgendreau
Created: 2016-06-16 13:43:18.51
Updated: 2016-06-16 13:43:18.51
        
The following library should be used to achieve that:
https://github.com/OWASP/java-html-sanitizer
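
An added example, not part of the issue or the project's code: the two treatments from the description expressed with the OWASP Java HTML Sanitizer. The class name, method names and sample strings are hypothetical, and the library works from an allow-list, so scripts and iframes are removed because they are never permitted rather than because they are named.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;

// Hypothetical helper: one policy per kind of publisher-supplied field.
public class PublisherHtmlSanitizer {

    // Occurrence fields: no elements are allowed, so every tag is dropped
    // and only the text content is kept.
    private static final PolicyFactory OCCURRENCE_POLICY =
            new HtmlPolicyBuilder().toFactory();

    // Dataset descriptions: prepackaged allow-lists for inline formatting,
    // block elements and links. <script>, <iframe>, event-handler attributes
    // and javascript: URLs are not on these lists and are stripped.
    private static final PolicyFactory DESCRIPTION_POLICY =
            Sanitizers.FORMATTING.and(Sanitizers.BLOCKS).and(Sanitizers.LINKS);

    public static String sanitizeOccurrenceField(String untrusted) {
        return untrusted == null ? null : OCCURRENCE_POLICY.sanitize(untrusted);
    }

    public static String sanitizeDescription(String untrusted) {
        return untrusted == null ? null : DESCRIPTION_POLICY.sanitize(untrusted);
    }

    public static void main(String[] args) {
        // Constructed sample input standing in for publisher-provided data.
        String description = "<p>Survey of <b>alpine</b> flora.</p>"
                + "<script>alert(1)</script>"
                + "<iframe src=\"https://example.org/\"></iframe>"
                + "<a href=\"javascript:alert(1)\" onclick=\"alert(1)\">more</a>";
        String locality = "Mount <i>Example</i><img src=x onerror=alert(1)>";

        // The paragraph and bold markup survive; the script, the iframe,
        // the onclick handler and the javascript: href do not.
        System.out.println(sanitizeDescription(description));

        // All markup is removed; only the text remains.
        System.out.println(sanitizeOccurrenceField(locality));
    }
}
```

Sanitizing where the value is rendered, or once at ingestion with the sanitized form stored separately, keeps the publisher's original data intact for non-HTML consumers.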