Search Options

Display Count
Sort
Preferred Language
Advanced Search

Results 1 - 6 of 6 for xss (0.02 seconds)

  2. github.com/codelibs/fess

    src/test/java/org/codelibs/fess/helper/MarkdownRendererTest.java 

            String malicious = "<a href=\"#\" onclick=\"alert('XSS')\">Click</a>";
        String result = markdownRenderer.render(malicious);
        // onclick attribute should be removed
        assertFalse(result.contains("onclick"));
    }

    @Test
    public void test_render_xss_javascriptProtocol() {
        String malicious = "[Click me](javascript:alert('XSS'))";
        String result = markdownRenderer.render(malicious);
    Created: Tue Mar 31 13:07:34 GMT 2026
    - Last Modified: Wed Jan 14 14:29:07 GMT 2026
    - 11.1K bytes
    - Click Count (0)
  3. github.com/codelibs/fess

    src/main/java/org/codelibs/fess/helper/MarkdownRenderer.java 

    import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

/**
 * Renders markdown to sanitized HTML for safe display in the chat interface.
 * Uses commonmark for markdown parsing and OWASP HTML Sanitizer for XSS prevention.
 */
public class MarkdownRenderer {

    private static final Logger logger = LogManager.getLogger(MarkdownRenderer.class);

    private Parser markdownParser;
    private HtmlRenderer htmlRenderer;
    Created: Tue Mar 31 13:07:34 GMT 2026
    - Last Modified: Mon Jan 12 10:32:40 GMT 2026
    - 5.3K bytes
    - Click Count (0)
  4. github.com/codelibs/fess

    src/test/java/org/codelibs/fess/chat/ChatClientTest.java 

        }

    @Test
    public void test_escapeHtml_scriptTag() {
        assertEquals("&lt;script&gt;alert(&#39;xss&#39;)&lt;/script&gt;", chatClient.testEscapeHtml("<script>alert('xss')</script>"));
    }

    // ========== buildGoUrl tests ==========

    @Test
    public void test_buildGoUrl_basic() {
    Created: Tue Mar 31 13:07:34 GMT 2026
    - Last Modified: Sat Mar 21 06:04:58 GMT 2026
    - 40.6K bytes
    - Click Count (0)
  5. github.com/codelibs/fess

    src/test/java/org/codelibs/fess/job/IndexExportJobTest.java 

            source.put("title", "Title with <script>alert('xss')</script>");
        source.put("content", "Content with & < > \" '");
        source.put("lang", "en");

        final String html = new HtmlIndexExportFormatter().format(source, Collections.emptySet());

        assertTrue(html.contains("<title>Title with &lt;script&gt;alert(&#39;xss&#39;)&lt;/script&gt;</title>"));
    Created: Tue Mar 31 13:07:34 GMT 2026
    - Last Modified: Sun Mar 15 09:08:38 GMT 2026
    - 66.1K bytes
    - Click Count (0)
  6. github.com/codelibs/fess

    src/main/resources/fess_config.properties 

    # Inline MIME types for the response.
response.inline.mimetypes=application/pdf,text/plain
# HTTP headers for the response.
response.headers=\
text/html=X-XSS-Protection: 1; mode=block\n\
text/html=Content-Security-Policy: reflected-xss block\n\
text/html=X-Frame-Options: SAMEORIGIN\n\


# document index

# Index name for search documents.
index.document.search.index=fess.search
    Created: Tue Mar 31 13:07:34 GMT 2026
    - Last Modified: Sat Mar 28 06:59:19 GMT 2026
    - 59.3K bytes
    - Click Count (0)
  7. github.com/codelibs/fess

    src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java 

        String RESPONSE_INLINE_MIMETYPES = "response.inline.mimetypes";

    /** The key of the configuration. e.g. text/html=X-XSS-Protection: 1; mode=block<br>
     * text/html=Content-Security-Policy: reflected-xss block<br>
     * text/html=X-Frame-Options: SAMEORIGIN<br>
     *  */
    String RESPONSE_HEADERS = "response.headers";
    Created: Tue Mar 31 13:07:34 GMT 2026
    - Last Modified: Sat Mar 28 06:59:19 GMT 2026
    - 576.9K bytes
    - Click Count (2)
Back to Top