Results 1 - 8 of 8 for xss (0.04 seconds)
src/test/java/org/codelibs/fess/helper/MarkdownRendererTest.java
String malicious = "<a href=\"#\" onclick=\"alert('XSS')\">Click</a>"; String result = markdownRenderer.render(malicious); // onclick attribute should be removed assertFalse(result.contains("onclick")); } @Test public void test_render_xss_javascriptProtocol() { String malicious = "[Click me](javascript:alert('XSS'))"; String result = markdownRenderer.render(malicious);
Created: Tue Mar 31 13:07:34 GMT 2026 - Last Modified: Wed Jan 14 14:29:07 GMT 2026 - 11.1K bytes - Click Count (0) -
src/main/java/org/codelibs/fess/helper/MarkdownRenderer.java
import org.owasp.html.HtmlPolicyBuilder; import org.owasp.html.PolicyFactory; /** * Renders markdown to sanitized HTML for safe display in the chat interface. * Uses commonmark for markdown parsing and OWASP HTML Sanitizer for XSS prevention. */ public class MarkdownRenderer { private static final Logger logger = LogManager.getLogger(MarkdownRenderer.class); private Parser markdownParser; private HtmlRenderer htmlRenderer;
Created: Tue Mar 31 13:07:34 GMT 2026 - Last Modified: Mon Jan 12 10:32:40 GMT 2026 - 5.3K bytes - Click Count (0) -
src/main/webapp/js/suggestor.js
Created: Tue Mar 31 13:07:34 GMT 2026 - Last Modified: Thu Nov 20 11:04:08 GMT 2025 - 13.3K bytes - Click Count (0) -
src/test/java/org/codelibs/fess/chat/ChatClientTest.java
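} @Test public void test_escapeHtml_scriptTag() { assertEquals("<script>alert('xss')</script>", chatClient.testEscapeHtml("<script>alert('xss')</script>")); } // ========== buildGoUrl tests ========== @Test public void test_buildGoUrl_basic() {
(Note: this results page appears to have decoded the HTML entities in the snippet. As displayed, the expected value equals the input, which could only pass if escapeHtml changed nothing; the assertion in the source file presumably expects the entity-escaped form, so read the file itself before relying on this snippet.)
Created: Tue Mar 31 13:07:34 GMT 2026 - Last Modified: Sat Mar 21 06:04:58 GMT 2026 - 40.6K bytes - Click Count (0) -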
src/test/java/org/codelibs/fess/job/IndexExportJobTest.java
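source.put("title", "Title with <script>alert('xss')</script>"); source.put("content", "Content with & < > \" '"); source.put("lang", "en"); final String html = new HtmlIndexExportFormatter().format(source, Collections.emptySet()); assertTrue(html.contains("<title>Title with <script>alert('xss')</script></title>"));
(Note: the asserted <title> string is probably shown here with its HTML entities decoded by the results page. Taken literally it would assert that a raw <script> element survives into the exported HTML; check the source file for the escaped form the test actually expects.)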
Created: Tue Mar 31 13:07:34 GMT 2026 - Last Modified: Sun Mar 15 09:08:38 GMT 2026 - 66.1K bytes - Click Count (0) -
src/main/resources/fess_config.properties
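# Inline MIME types for the response. response.inline.mimetypes=application/pdf,text/plain # HTTP headers for the response. response.headers=\ text/html=X-XSS-Protection: 1; mode=block\n\ text/html=Content-Security-Policy: reflected-xss block\n\ text/html=X-Frame-Options: SAMEORIGIN\n\ # document index # Index name for search documents. index.document.search.index=fess.search
(Note: X-XSS-Protection is deprecated and no longer acted on by current major browsers, and reflected-xss is a directive from a CSP draft that was removed from the specification, so these two default headers add little or no protection against XSS. Output encoding and sanitization remain the primary control; a Content-Security-Policy that restricts script sources is the response header that limits the impact of an injection.)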
Created: Tue Mar 31 13:07:34 GMT 2026 - Last Modified: Sat Mar 28 06:59:19 GMT 2026 - 59.3K bytes - Click Count (0) -
src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
String RESPONSE_INLINE_MIMETYPES = "response.inline.mimetypes"; /** The key of the configuration. e.g. text/html=X-XSS-Protection: 1; mode=block<br> * text/html=Content-Security-Policy: reflected-xss block<br> * text/html=X-Frame-Options: SAMEORIGIN<br> * */ String RESPONSE_HEADERS = "response.headers";
Created: Tue Mar 31 13:07:34 GMT 2026 - Last Modified: Sat Mar 28 06:59:19 GMT 2026 - 576.9K bytes - Click Count (2) -
src/main/webapp/js/bootstrap.min.js.map
[],\n ul: []\n}\n// js-docs-end allow-list\n\nconst uriAttributes = new Set([\n 'background',\n 'cite',\n 'href',\n 'itemtype',\n 'longdesc',\n 'poster',\n 'src',\n 'xlink:href'\n])\n\n/**\n * A pattern that recognizes URLs that are safe wrt. XSS in URL navigation\n * contexts.\n *\n * Shout-out to Angular https://github.com/angular/angular/blob/15.2.8/packages/core/src/sanitization/url_sanitizer.ts#L38\n */\n// eslint-disable-next-line unicorn/better-regex\nconst SAFE_URL_PATTERN = /^(?!ja...
Created: Tue Mar 31 13:07:34 GMT 2026 - Last Modified: Sun Jan 12 06:14:02 GMT 2025 - 211.9K bytes - Click Count (0)