{"id":134857,"date":"2025-07-02T10:18:00","date_gmt":"2025-07-02T07:18:00","guid":{"rendered":"https:\/\/www.javacodegeeks.com\/?p=134857"},"modified":"2025-07-01T15:19:33","modified_gmt":"2025-07-01T12:19:33","slug":"sanitizing-html-to-prevent-xss-attacks-using-owasp","status":"publish","type":"post","link":"https:\/\/www.javacodegeeks.com\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html","title":{"rendered":"Sanitizing HTML to Prevent XSS Attacks Using OWASP"},"content":{"rendered":"

Sanitizing user-generated HTML is essential for preventing XSS attacks in Java applications. Two widely used libraries for this are OWASP Java HTML Sanitizer<\/a> and JSoup<\/a>. OWASP provides strict, policy-based control ideal for high-security needs, while JSoup offers a simple and flexible approach for general HTML cleanup using Safelist<\/code>. In this article, we demonstrate how to use both libraries to safely process and render user input.<\/p>\n

1. HTML Sanitization<\/h2>\n

Sanitization ensures that only safe and allowed HTML elements and attributes are retained from the input. This approach is different from escaping, which neutralizes all HTML but preserves the raw content. Sanitization allows safe HTML formatting (like <b><\/code>, <p><\/code>, etc.) while stripping dangerous tags such as <script><\/code>, <iframe><\/code>, and event attributes like onload<\/code> or onclick<\/code>.<\/p>\n

The OWASP Java HTML Sanitizer<\/a> library provides a powerful and customizable way to sanitize HTML input in Java applications. It is fast, secure, and highly configurable.<\/p>\n

Maven Setup<\/strong><\/p>\n

Add the following to pom.xml<\/code> to include the OWASP Sanitizer dependency.<\/p>\n

\n        <dependency>\n            <groupId>com.googlecode.owasp-java-html-sanitizer<\/groupId>\n            <artifactId>owasp-java-html-sanitizer<\/artifactId>\n            <version>20240325.1<\/version>\n        <\/dependency>\n<\/pre>\n
This configuration includes the OWASP HTML sanitizer, which provides utilities to define and apply sanitization policies.<\/p>\n
2. Using Predefined (Basic) OWASP Sanitizers<\/h2>\n
This class uses OWASP\u2019s predefined sanitizers (FORMATTING<\/code>, BLOCKS<\/code>, LINKS<\/code>) for general-purpose use.<\/p>\n
\npublic class XssSanitizer {\n\n    public static String applyBasicSanitizers(String html) {\n        PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.BLOCKS).and(Sanitizers.LINKS);\n        return policy.sanitize(html);\n    }\n\n    public static void main(String[] args) {\n        String inputHtml = \"<p>Hello<\/p> <script>alert('XSS')<\/script> <a href='http:\/\/example.com'>Link<\/a> <img src='x' onerror='stealCookies()'>\";\n\n        System.out.println(inputHtml);\n\n        System.out.println(\"\\n\");\n        System.out.println(applyBasicSanitizers(inputHtml));\n    }\n}\n<\/pre>\n
This class defines a method that sanitizes HTML input using a combination of pre-defined OWASP policies. The applyBasicSanitizers<\/code> method constructs a PolicyFactory<\/code> by chaining together Sanitizers.FORMATTING<\/code>, Sanitizers.BLOCKS<\/code>, and Sanitizers.LINKS<\/code>. The FORMATTING<\/code> policy allows safe inline tags such as <b><\/code>, <i><\/code>, and <p><\/code>, while the BLOCKS<\/code> policy supports structural HTML elements like <div><\/code> and <section><\/code>. <\/p>\n
The LINKS<\/code> policy enables the use of <a><\/code> tags with validated href<\/code> attributes, preventing potentially malicious URLs. By combining these policies, the class ensures that safe and useful HTML elements are retained, while dangerous content like <script><\/code> tags and event handler attributes (e.g., onerror<\/code>) are stripped out, effectively mitigating the risk of Cross-Site Scripting (XSS) attacks.<\/p>\n
Example Response<\/strong><\/p>\n
\n<p>Hello<\/p>  <a href=\"http:\/\/example.com\" rel=\"nofollow\">Link<\/a>\n<\/pre>\n
As we can see, the <script><\/code> tag and unsafe attributes like onerror<\/code> are removed, while safe formatting elements such as <b><\/code> are preserved, ensuring that only allowed tags and attributes remain after sanitization.
 
<\/div> <\/div><\/p>\n
3. Advanced: Custom Policy with HtmlPolicyBuilder<\/h2>\n
Sometimes we need more control than the default Sanitizers provide. For example, we might only want to allow <p><\/code>, <a><\/code>, and <img><\/code> tags with specific attributes.<\/p>\n
\npublic class CustomPolicyFactory {\n\n    public static String sanitize(String html) {\n        PolicyFactory policy = new HtmlPolicyBuilder()\n                .allowElements(\"p\", \"strong\", \"em\", \"a\", \"img\")\n                .allowAttributes(\"href\").onElements(\"a\")\n                .allowAttributes(\"src\", \"alt\").onElements(\"img\")\n                .allowUrlProtocols(\"http\", \"https\")\n                .requireRelNofollowOnLinks()\n                .toFactory();\n\n        return policy.sanitize(html);\n    }\n    \n    public static void main(String[] args) {\n        String inputHtml = \"<p>Hello<\/p> <script>alert('XSS')<\/script> <a href='http:\/\/example.com'>Link<\/a> <img src='x' onerror='stealCookies()'>\";\n\n        System.out.println(inputHtml);\n\n        System.out.println(\"\\n\");\n        System.out.println(sanitize(inputHtml));\n    }\n}\n<\/pre>\n
This class demonstrates how to define a strict HTML sanitization policy using the HtmlPolicyBuilder<\/code> API. It allows only a specific subset of safe HTML tags, including <p><\/code>, <strong><\/code>, <em><\/code>, <a><\/code>, and <img><\/code>, making it suited for scenarios where we want fine-grained control over which elements are permitted. It explicitly allows essential attributes such as href<\/code> on <a><\/code> tags and src<\/code> and alt<\/code> on <img><\/code> tags, while restricting URL protocols to only http<\/code> and https<\/code> to prevent JavaScript injection. <\/p>\n
Additionally, it enforces rel=\"nofollow\"<\/code> on all links to discourage search engines from following potentially user-submitted URLs. This approach ensures that all unsafe tags like <script><\/code> and dangerous attributes like onerror<\/code> are removed, preserving only content that is safe and semantically meaningful.<\/p>\n
4. Unit Testing<\/h2>\n
To verify that the sanitizer functions correctly, create unit tests that cover a range of input scenarios.<\/p>\n
\npublic class CustomPolicyFactoryTest {\n\n    @Test\n    void testSanitizeScript() {\n        String input = \"<p>Hello<\/p> <script>alert('XSS')<\/script> <a href='http:\/\/example.com'>Link<\/a> <img src='x' onerror='stealCookies()'>\";\n        String expected = \"<p>Hello<\/p>  <a href=\\\"http:\/\/example.com\\\" rel=\\\"nofollow\\\">Link<\/a> <img src=\\\"x\\\" \/>\";\n        String actual = CustomPolicyFactory.sanitize(input);\n        assertEquals(expected, actual);\n    }\n    \n}\n\n<\/pre>\n
This test validates that the sanitizer strips script tags while preserving allowed formatting. We can add more test cases to cover other attack vectors and tags.<\/p>\n
5. Alternative HTML Sanitizers in Java<\/h2>\n
While the OWASP Java HTML Sanitizer is the most robust solution for security-focused sanitization, other tools in the Java ecosystem serve useful purposes depending on your specific needs. One notable option is JSoup’s Cleaner.<\/p>\n
5.1 Sanitizing HTML with JSoup Cleaner<\/h3>\n
JSoup<\/a> is a widely used Java library for parsing, manipulating, and sanitizing HTML. It provides an intuitive API for fetching web content, parsing and extracting data, and modifying HTML using familiar DOM methods, CSS selectors, and XPath-like expressions. <\/p>\n
Maven Dependency for JSoup<\/strong><\/p>\n
\n<dependency>\n    <groupId>org.jsoup<\/groupId>\n    <artifactId>jsoup<\/artifactId>\n    <version>1.21.1<\/version>\n<\/dependency>\n<\/pre>\n
(Check for the latest version on Maven Central<\/a>)<\/p>\n
Example: JSoup Cleaner<\/strong><\/p>\n
\npublic class JsoupSanitizerExample {\n\n    public static String sanitize(String html) {\n        \/\/ Use a predefined Safelist\n        return Jsoup.clean(html, Safelist.basic());\n    }\n\n    public static void main(String[] args) {\n        String inputHtml = \"<p>Hello <b>world<\/b><script>alert('xss')<\/script><img src='http:\/\/img.com' onerror='stealCookies()'><\/p>\";\n        String cleaned = sanitize(inputHtml);\n\n        System.out.println(\"Original HTML:\\n\" + inputHtml);\n        System.out.println(\"\\nSanitized Output with JSoup:\\n\" + cleaned);\n    }\n}\n<\/pre>\n
In this example, we use JSoup\u2019s Safelist.basic()<\/code> to sanitize an input string containing various HTML tags, including formatting (<p><\/code>, <b><\/code>), a potentially dangerous <script><\/code> tag, a link with an onclick<\/code> handler, and an <img><\/code> tag with an onerror<\/code> event.<\/p>\n
The Safelist.basic()<\/code> policy is designed to allow common formatting elements such as <b><\/code>, <i><\/code>, <strong><\/code>, <em><\/code>, <p><\/code>, <ul><\/code>, <ol><\/code>, <li><\/code>, and safe <a><\/code> tags with href<\/code> attributes. It removes any JavaScript event attributes like onclick<\/code>, strips out <script><\/code> elements entirely, and disallows <img><\/code> tags unless you are using Safelist.basicWithImages()<\/code>.<\/p>\n
As shown in the output (screenshot) below, the <script><\/code> and unsafe attributes are removed, and only the safe content remains.<\/p>\n
\n
\"Example<\/a><\/figure>\n<\/div>\n
JSoup\u2019s Safelist<\/code> allows customization through the addTags()<\/code> and addAttributes()<\/code> methods, which extend the base behavior by allowing additional HTML elements and attributes that are not included in the predefined safelists like basic()<\/code> or relaxed()<\/code>.<\/p>\n
Below is an example demonstrating how to use addTags()<\/code> to allow new elements and addAttributes()<\/code> to safely allow custom attributes.<\/p>\n
\npublic class JsoupCustomPolicyExample {\n\n    public static void main(String[] args) {\n        String inputHtml = \"<p>Hello <mark>highlighted<\/mark> text<\/p>\"\n                + \"<a href='http:\/\/example.com' target='_blank'>Visit<\/a>\"\n                + \"<span style='color:red;'>Styled<\/span>\";\n\n        \/\/ Start with the basic safelist\n        Safelist customSafelist = Safelist.basic()\n                \/\/ Allow <mark> and <span> tags\n                .addTags(\"mark\", \"span\")\n                \/\/ Allow 'style' on <span> and 'target' on <a>\n                .addAttributes(\"span\", \"style\")\n                .addAttributes(\"a\", \"target\");\n\n        String sanitizedHtml = Jsoup.clean(inputHtml, customSafelist);\n\n        System.out.println(\"Original HTML:\\n\" + inputHtml);\n        System.out.println(\"\\nSanitized Output:\\n\" + sanitizedHtml);\n    }\n}\n<\/pre>\n
In this example, Safelist.basic()<\/code> serves as the base sanitization policy, and we extend it by allowing additional elements and attributes. The addTags(\"mark\", \"span\")<\/code> method enables support for the <mark><\/code> and <span><\/code> tags, which are not included in the default basic list. The addAttributes(\"span\", \"style\")<\/code> call allows inline styles on <span><\/code> elements, while addAttributes(\"a\", \"target\")<\/code> permits the use of target=\"_blank\"<\/code> in anchor tags, which is otherwise stripped for security reasons.<\/p>\n
This customization is useful when you want to selectively allow non-standard formatting or attributes for richer user input, while still maintaining basic XSS protection by excluding dangerous tags and JavaScript-based attributes.<\/p>\n
6. Conclusion<\/h2>\n
In this article, we explored how to sanitize HTML input in Java to prevent XSS (Cross-Site Scripting) attacks using both the OWASP Java HTML Sanitizer and the JSoup library. We demonstrated how OWASP’s sanitizer provides strong security through customizable policies using HtmlPolicyBuilder<\/code>, allowing fine-grained control over allowed tags, attributes, and even element transformations. We also showed how to use JSoup\u2019s Safelist<\/code> to remove unsafe elements and attributes while supporting common formatting needs, and how to extend it using addTags()<\/code> and addAttributes()<\/code> for richer but still safe HTML input. <\/p>\n
By leveraging these libraries, developers can confidently clean and render user-generated content while maintaining protection against XSS vulnerabilities.<\/p>\n
7. Download the Source Code<\/h2>\n
This article explored how to sanitize HTML in Java to prevent XSS attacks.<\/p>\n
Download<\/strong>
\nYou can download the full source code of this example here: java sanitize html prevent xss attacks<\/strong><\/a>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
Sanitizing user-generated HTML is essential for preventing XSS attacks in Java applications. Two widely used libraries for this are OWASP Java HTML Sanitizer and JSoup. OWASP provides strict, policy-based control ideal for high-security needs, while JSoup offers a simple and flexible approach for general HTML cleanup using Safelist. In this article, we demonstrate how to …<\/p>\n","protected":false},"author":128888,"featured_media":213,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[849,4134,793,973,594,3452],"class_list":["post-134857","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-enterprise-java","tag-html","tag-html-sanitization","tag-jsoup","tag-owasp","tag-xss","tag-xss-prevention"],"yoast_head":"\nSanitizing HTML to Prevent XSS Attacks Using OWASP - Java Code Geeks<\/title>\n<meta name=\"description\" content=\"Learn how to use Java to sanitize HTML and prevent XSS attacks with secure coding practices and OWASP Java HTML Sanitizer.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.javacodegeeks.com\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Sanitizing HTML to Prevent XSS Attacks Using OWASP - Java Code Geeks\" \/>\n<meta property=\"og:description\" content=\"Learn how to use Java to sanitize HTML and prevent XSS attacks with secure coding practices and OWASP Java HTML Sanitizer.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.javacodegeeks.com\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html\" \/>\n<meta property=\"og:site_name\" content=\"Java Code Geeks\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/javacodegeeks\" \/>\n<meta property=\"article:author\" content=\"https:\/\/web.facebook.com\/omos.aziegbe\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-02T07:18:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/owasp-logo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"150\" \/>\n\t<meta property=\"og:image:height\" content=\"150\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Omozegie Aziegbe\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/OAziegbe\" \/>\n<meta name=\"twitter:site\" content=\"@javacodegeeks\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Omozegie Aziegbe\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html\"},\"author\":{\"name\":\"Omozegie Aziegbe\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/person\\\/7d3eac6e45542536e961129ae0fb453e\"},\"headline\":\"Sanitizing HTML to Prevent XSS Attacks Using OWASP\",\"datePublished\":\"2025-07-02T07:18:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html\"},\"wordCount\":955,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/owasp-logo.jpg\",\"keywords\":[\"HTML\",\"HTML Sanitization\",\"JSoup\",\"OWASP\",\"XSS\",\"XSS Prevention\"],\"articleSection\":[\"Enterprise Java\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.javacodegeeks.com\\\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html\",\"name\":\"Sanitizing HTML to Prevent XSS Attacks Using OWASP - Java Code Geeks\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/owasp-logo.jpg\",\"datePublished\":\"2025-07-02T07:18:00+00:00\",\"description\":\"Learn how to use Java to sanitize HTML and prevent XSS attacks with secure coding practices and OWASP Java HTML Sanitizer.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.javacodegeeks.com\\\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html#primaryimage\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/owasp-logo.jpg\",\"contentUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/owasp-logo.jpg\",\"width\":150,\"height\":150},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.javacodegeeks.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Java\",\"item\":\"https:\\\/\\\/www.javacodegeeks.com\\\/category\\\/java\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Enterprise Java\",\"item\":\"https:\\\/\\\/www.javacodegeeks.com\\\/category\\\/java\\\/enterprise-java\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Sanitizing HTML to Prevent XSS Attacks Using OWASP\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#website\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/\",\"name\":\"Java Code Geeks\",\"description\":\"Java Developers Resource Center\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#organization\"},\"alternateName\":\"JCG\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.javacodegeeks.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#organization\",\"name\":\"Exelixis Media P.C.\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/exelixis-logo.png\",\"contentUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/exelixis-logo.png\",\"width\":864,\"height\":246,\"caption\":\"Exelixis Media P.C.\"},\"image\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/javacodegeeks\",\"https:\\\/\\\/x.com\\\/javacodegeeks\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/person\\\/7d3eac6e45542536e961129ae0fb453e\",\"name\":\"Omozegie Aziegbe\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/cropped-jcg_profile_pic-96x96.jpg\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/cropped-jcg_profile_pic-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/cropped-jcg_profile_pic-96x96.jpg\",\"caption\":\"Omozegie Aziegbe\"},\"description\":\"Omos Aziegbe is a technical writer and web\\\/application developer with a BSc in Computer Science and Software Engineering from the University of Bedfordshire. Specializing in Java enterprise applications with the Jakarta EE framework, Omos also works with HTML5, CSS, and JavaScript for web development. As a freelance web developer, Omos combines technical expertise with research and writing on topics such as software engineering, programming, web application development, computer science, and technology.\",\"sameAs\":[\"https:\\\/\\\/web.facebook.com\\\/omos.aziegbe\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/omosaziegbe\\\/\",\"https:\\\/\\\/x.com\\\/https:\\\/\\\/twitter.com\\\/OAziegbe\"],\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/author\\\/omozegie-aziegbe\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Sanitizing HTML to Prevent XSS Attacks Using OWASP - Java Code Geeks","description":"Learn how to use Java to sanitize HTML and prevent XSS attacks with secure coding practices and OWASP Java HTML Sanitizer.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.javacodegeeks.com\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html","og_locale":"en_US","og_type":"article","og_title":"Sanitizing HTML to Prevent XSS Attacks Using OWASP - Java Code Geeks","og_description":"Learn how to use Java to sanitize HTML and prevent XSS attacks with secure coding practices and OWASP Java HTML Sanitizer.","og_url":"https:\/\/www.javacodegeeks.com\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html","og_site_name":"Java Code Geeks","article_publisher":"https:\/\/www.facebook.com\/javacodegeeks","article_author":"https:\/\/web.facebook.com\/omos.aziegbe","article_published_time":"2025-07-02T07:18:00+00:00","og_image":[{"width":150,"height":150,"url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/owasp-logo.jpg","type":"image\/jpeg"}],"author":"Omozegie Aziegbe","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/OAziegbe","twitter_site":"@javacodegeeks","twitter_misc":{"Written by":"Omozegie Aziegbe","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.javacodegeeks.com\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html#article","isPartOf":{"@id":"https:\/\/www.javacodegeeks.com\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html"},"author":{"name":"Omozegie Aziegbe","@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/person\/7d3eac6e45542536e961129ae0fb453e"},"headline":"Sanitizing HTML to Prevent XSS Attacks Using OWASP","datePublished":"2025-07-02T07:18:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.javacodegeeks.com\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html"},"wordCount":955,"commentCount":0,"publisher":{"@id":"https:\/\/www.javacodegeeks.com\/#organization"},"image":{"@id":"https:\/\/www.javacodegeeks.com\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html#primaryimage"},"thumbnailUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/owasp-logo.jpg","keywords":["HTML","HTML Sanitization","JSoup","OWASP","XSS","XSS Prevention"],"articleSection":["Enterprise Java"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.javacodegeeks.com\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.javacodegeeks.com\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html","url":"https:\/\/www.javacodegeeks.com\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html","name":"Sanitizing HTML to Prevent XSS Attacks Using OWASP - Java Code Geeks","isPartOf":{"@id":"https:\/\/www.javacodegeeks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.javacodegeeks.com\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html#primaryimage"},"image":{"@id":"https:\/\/www.javacodegeeks.com\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html#primaryimage"},"thumbnailUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/owasp-logo.jpg","datePublished":"2025-07-02T07:18:00+00:00","description":"Learn how to use Java to sanitize HTML and prevent XSS attacks with secure coding practices and OWASP Java HTML Sanitizer.","breadcrumb":{"@id":"https:\/\/www.javacodegeeks.com\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.javacodegeeks.com\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.javacodegeeks.com\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html#primaryimage","url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/owasp-logo.jpg","contentUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/owasp-logo.jpg","width":150,"height":150},{"@type":"BreadcrumbList","@id":"https:\/\/www.javacodegeeks.com\/sanitizing-html-to-prevent-xss-attacks-using-owasp.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.javacodegeeks.com\/"},{"@type":"ListItem","position":2,"name":"Java","item":"https:\/\/www.javacodegeeks.com\/category\/java"},{"@type":"ListItem","position":3,"name":"Enterprise Java","item":"https:\/\/www.javacodegeeks.com\/category\/java\/enterprise-java"},{"@type":"ListItem","position":4,"name":"Sanitizing HTML to Prevent XSS Attacks Using OWASP"}]},{"@type":"WebSite","@id":"https:\/\/www.javacodegeeks.com\/#website","url":"https:\/\/www.javacodegeeks.com\/","name":"Java Code Geeks","description":"Java Developers Resource Center","publisher":{"@id":"https:\/\/www.javacodegeeks.com\/#organization"},"alternateName":"JCG","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.javacodegeeks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.javacodegeeks.com\/#organization","name":"Exelixis Media P.C.","url":"https:\/\/www.javacodegeeks.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2022\/06\/exelixis-logo.png","contentUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2022\/06\/exelixis-logo.png","width":864,"height":246,"caption":"Exelixis Media P.C."},"image":{"@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/javacodegeeks","https:\/\/x.com\/javacodegeeks"]},{"@type":"Person","@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/person\/7d3eac6e45542536e961129ae0fb453e","name":"Omozegie Aziegbe","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2023\/12\/cropped-jcg_profile_pic-96x96.jpg","url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2023\/12\/cropped-jcg_profile_pic-96x96.jpg","contentUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2023\/12\/cropped-jcg_profile_pic-96x96.jpg","caption":"Omozegie Aziegbe"},"description":"Omos Aziegbe is a technical writer and web\/application developer with a BSc in Computer Science and Software Engineering from the University of Bedfordshire. Specializing in Java enterprise applications with the Jakarta EE framework, Omos also works with HTML5, CSS, and JavaScript for web development. As a freelance web developer, Omos combines technical expertise with research and writing on topics such as software engineering, programming, web application development, computer science, and technology.","sameAs":["https:\/\/web.facebook.com\/omos.aziegbe","https:\/\/www.linkedin.com\/in\/omosaziegbe\/","https:\/\/x.com\/https:\/\/twitter.com\/OAziegbe"],"url":"https:\/\/www.javacodegeeks.com\/author\/omozegie-aziegbe"}]}},"_links":{"self":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/posts\/134857","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/users\/128888"}],"replies":[{"embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/comments?post=134857"}],"version-history":[{"count":0,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/posts\/134857\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/media\/213"}],"wp:attachment":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/media?parent=134857"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/categories?post=134857"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/tags?post=134857"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}