- Sort Score
- Num 10 results
- Language All
Results 1 - 7 of 7 for xss (0.02 seconds)
-
src/test/java/org/codelibs/fess/helper/MarkdownRendererTest.java
String malicious = "<a href=\"#\" onclick=\"alert('XSS')\">Click</a>"; String result = markdownRenderer.render(malicious); // onclick attribute should be removed assertFalse(result.contains("onclick")); } @Test public void test_render_xss_javascriptProtocol() { String malicious = "[Click me](javascript:alert('XSS'))"; String result = markdownRenderer.render(malicious);
Created: Tue Mar 31 13:07:34 GMT 2026 - Last Modified: Wed Jan 14 14:29:07 GMT 2026 - 11.1K bytes - Click Count (0) -
src/main/java/org/codelibs/fess/helper/MarkdownRenderer.java
import org.owasp.html.HtmlPolicyBuilder; import org.owasp.html.PolicyFactory; /** * Renders markdown to sanitized HTML for safe display in the chat interface. * Uses commonmark for markdown parsing and OWASP HTML Sanitizer for XSS prevention. */ public class MarkdownRenderer { private static final Logger logger = LogManager.getLogger(MarkdownRenderer.class); private Parser markdownParser; private HtmlRenderer htmlRenderer;Created: Tue Mar 31 13:07:34 GMT 2026 - Last Modified: Mon Jan 12 10:32:40 GMT 2026 - 5.3K bytes - Click Count (0) -
src/main/webapp/js/suggestor.js
Created: Tue Mar 31 13:07:34 GMT 2026 - Last Modified: Thu Nov 20 11:04:08 GMT 2025 - 13.3K bytes - Click Count (0) -
src/test/java/org/codelibs/fess/chat/ChatClientTest.java
} @Test public void test_escapeHtml_scriptTag() { assertEquals("<script>alert('xss')</script>", chatClient.testEscapeHtml("<script>alert('xss')</script>")); } // ========== buildGoUrl tests ========== @Test public void test_buildGoUrl_basic() {Created: Tue Mar 31 13:07:34 GMT 2026 - Last Modified: Sat Mar 21 06:04:58 GMT 2026 - 40.6K bytes - Click Count (0) -
src/test/java/org/codelibs/fess/job/IndexExportJobTest.java
source.put("title", "Title with <script>alert('xss')</script>"); source.put("content", "Content with & < > \" '"); source.put("lang", "en"); final String html = new HtmlIndexExportFormatter().format(source, Collections.emptySet()); assertTrue(html.contains("<title>Title with <script>alert('xss')</script></title>"));
Created: Tue Mar 31 13:07:34 GMT 2026 - Last Modified: Sun Mar 15 09:08:38 GMT 2026 - 66.1K bytes - Click Count (0) -
src/main/resources/fess_config.properties
# Inline MIME types for the response. response.inline.mimetypes=application/pdf,text/plain # HTTP headers for the response. response.headers=\ text/html=X-XSS-Protection: 1; mode=block\n\ text/html=Content-Security-Policy: reflected-xss block\n\ text/html=X-Frame-Options: SAMEORIGIN\n\ # document index # Index name for search documents. index.document.search.index=fess.search
Created: Tue Mar 31 13:07:34 GMT 2026 - Last Modified: Sat Mar 28 06:59:19 GMT 2026 - 59.3K bytes - Click Count (0) -
src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
String RESPONSE_INLINE_MIMETYPES = "response.inline.mimetypes"; /** The key of the configuration. e.g. text/html=X-XSS-Protection: 1; mode=block<br> * text/html=Content-Security-Policy: reflected-xss block<br> * text/html=X-Frame-Options: SAMEORIGIN<br> * */ String RESPONSE_HEADERS = "response.headers";
Created: Tue Mar 31 13:07:34 GMT 2026 - Last Modified: Sat Mar 28 06:59:19 GMT 2026 - 576.9K bytes - Click Count (2)