Preventing XSS with JSOUP
Views: 7144
Published: 2019-06-29

This article is about 2438 characters long and takes roughly 8 minutes to read.


Jsoup is an XSS prevention tool. It can detect XSS scripts in HTML and also in URLs; the example here uses a URL. Jsoup can validate a URL with the isValid() method, which returns a boolean. When the check flags the URL as carrying an XSS script, we clean it with the clean() method, which returns the cleaned URL as a string.

  • Jsoup can handle all of the scenarios in the XSS Filter Evasion Cheat Sheet: "https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet"

  • Jsoup has a clear API: "http://jsoup.org/apidocs/"

AntiSamy is another tool for preventing XSS, but it is a customizable one, so we have to configure everything ourselves. It is not better than Jsoup.

Steps to use JSOUP:

1. Download the jsoup jar file.

2. Write code like the following:

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;

import org.jsoup.Jsoup;
import org.jsoup.safety.Whitelist;

public class JsoupSolution {
	public static void main(String[] args) throws UnsupportedEncodingException {
		/*
		 * Security issue scenario
		 */
		String input = "GET /selfservice/forgotpwd.jsp?ssError=2&returnUrl=https://stg-wealthinteractive.skandiainternational.com/SecurityAndRoles/SignIn/SignIn?authn_try_count=06f080\"style%3d\"behavior%3aurl(%23default%23time2)\"onbegin%3d\"alert('xss')\"f6bc57307de&contextType=external&username=string&contextValue=%2Foam&password=sercure_string&challenge_url=https%3A%2F%2Fstg-wealthinteractive.skandiainternational.com%2FSecurityAndRoles%2FSignIn%2FSignIn&request_id=6990594052748823869&OAM_REQ=&locale=en_GB&resource_url=http%253A%252F%252Fstg-wealthinteractive.skandiainternational.com%252Fauth%252Flevel2.jsp%253FreturnURL%25253Dhttp%2525253A%2525252F%2525252Fstg-wealthinteractive.skandiainternational.com%2525252Fselfservice%2525252Flevel3.jsp%2525253FreturnURL%252525253Dhttp%25252525253A%25252525252F%25252525252Fstg-wealthinteractive.skandiainternational.com%25252525252FSkandia%25252525252Flogout HTTP/1.1";
		String unsafe = "';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->\">'>";
		// String input = "\"behavior%3aurl(%23default%23time2)\"onbegin%3d\"alert('xss')\"";

		// The rest of the original listing did not survive extraction; the loop below
		// follows the two steps described above (isValid(), then clean()).
		// Whitelist.none() (text only) and the URL-decoding step are assumptions here;
		// the declared UnsupportedEncodingException points at URLDecoder.decode().
		for (String candidate : new String[] { input, unsafe }) {
			String decoded = URLDecoder.decode(candidate, "UTF-8");
			if (Jsoup.isValid(decoded, Whitelist.none())) {
				System.out.println("passes whitelist: " + decoded);
			} else {
				System.out.println("cleaned: " + Jsoup.clean(decoded, Whitelist.none()));
			}
		}
	}
}
```
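
Worked example, added here and not part of the original post, of the two steps above applied to a request's query string: each parameter value is percent-decoded before it is checked, because Jsoup parses markup and must see the decoded '<' and '>' rather than %3C and %3E. UrlParamSanitizer, parseQuery and sanitizeValue are names chosen for this example, the query string is constructed, and a jsoup release that still ships org.jsoup.safety.Whitelist is assumed (later releases renamed it Safelist).

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.LinkedHashMap;
import java.util.Map;

import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.safety.Whitelist;

public class UrlParamSanitizer {
    // Splits a query string into name/value pairs, percent-decoding each value so
    // that the HTML parser sees the decoded '<' and '>' rather than %3C and %3E.
    static Map<String, String> parseQuery(String query) throws UnsupportedEncodingException {
        Map<String, String> params = new LinkedHashMap<>();
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            params.put(name, URLDecoder.decode(value, "UTF-8"));
        }
        return params;
    }

    // Whitelist.none() admits text only: every element is dropped, and script/style
    // bodies are dropped with their element. isValid() is true when the value already
    // passes the whitelist, so the cleaning branch runs only when it is false.
    static String sanitizeValue(String decoded) {
        Whitelist textOnly = Whitelist.none();
        if (Jsoup.isValid(decoded, textOnly)) {
            return decoded;
        }
        Document.OutputSettings flat = new Document.OutputSettings().prettyPrint(false);
        return Jsoup.clean(decoded, "", textOnly, flat);
    }

    public static void main(String[] args) throws UnsupportedEncodingException {
        // Constructed sample: returnUrl carries a tag-based payload, authn_try_count the
        // attribute-breakout payload from the request in the listing above.
        String query = "returnUrl=%3Cscript%3Ealert(1)%3C%2Fscript%3Ehttps%3A%2F%2Fexample.com"
                + "&authn_try_count=06f080%22style%3d%22behavior%3aurl(%23default%23time2)"
                + "%22onbegin%3d%22alert('xss')%22f6bc57307de";
        for (Map.Entry<String, String> e : parseQuery(query).entrySet()) {
            // The second value has no tags, so Jsoup sees plain text and reports it valid:
            // the whitelist covers element context only, not text reflected into an attribute.
            System.out.println(e.getKey() + " valid=" + Jsoup.isValid(e.getValue(), Whitelist.none())
                    + " -> " + sanitizeValue(e.getValue()));
        }
    }
}
```

Only returnUrl is cleaned (to "https://example.com"); the authn_try_count value contains no tags, so isValid() reports it as already safe, which is why a value reflected into an HTML attribute needs attribute-context output encoding and not tag sanitisation alone.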

Reposted from: https://my.oschina.net/ydsakyclguozi/blog/490169
