Description
The XssSanitizer is a small, focused package that allows you to deal with malicious Html and Javascript that might be injected into your application via user input.
Out of the box, it comes with a standard setup (oXssSanitizerStandard) which should cover most cases for the majority of users. It is however highly configurable, featuring several “sanitize modes” as well as being able to specify what to allow or block.
Why this component?
Within Web Applications, it is often possible for a user to enter freeform text via webforms. This text gets sent to the server, where it is processed further like being saved. Often, this user input is then shown in other parts of the application, like a name, description, biography, reply, etc.
If it is possible for the user to enter freeform text, they can misuse this to enter malicious HTML and JavaScript. If this user input is then shown somewhere else, it opens the door for Cross-Site Scripting (XSS). To combat this, user input needs to be checked and sanitized.