Creating a method that ensures safe HTML input


We're building an app that requires the user to be able to input raw HTML (for a design template) and then be able to display that within SFDC. The challenge we've found in a security process is that we need to find a way to ensure that the HTML is stripped of any "unsafe" constructs.

While it's been recommended we utilize the ESAPI Validator getValidSafeHTML method...

http://owasp-esapi-java.googlecode.com/svn/trunk_doc/latest/org/owasp/esapi/Validator.html#getValidSafeHTML(java.lang.String, java.lang.String, int, boolean)

...that doesn't seem to be included in the ESAPI SFDC suite...

http://code.google.com/p/force-dot-com-esapi

Any recommendations as to how we could leverage the ESAPI Validator getValidSafeHTML method within our app, or potentially another way to scrub our HTML to ensure safe constructs?

I wonder how SFDC does this, as it allows you to input raw HTML when creating email templates.


Attribution to: user284

Possible Suggestion/Solution #1

Instead of stripping out the unsafe, have you thought about only including the safe constructs/tags instead? Sort of like a whitelist of what's OK. Reject everything else.

That way if something new and bad comes along you aren't vulnerable. If something new and good comes along you can plan for it and update appropriately.


Attribution to: Peter Knolle
This content is remixed from stackoverflow or stackexchange. Please visit https://salesforce.stackexchange.com/questions/538
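The allowlist approach from the answer above, written out as an added example (not code from the original post, and not part of the Force.com ESAPI project). Python stands in for Apex here because it can be run directly; the tag/attribute allowlist, the `SAFE_SCHEMES` set and the constructed sample input are all assumptions chosen for illustration. Everything not explicitly allowed is dropped, `href`/`src` values must carry an http/https/mailto or relative scheme, `script`/`style` bodies are discarded rather than re-emitted as text, and the list of what was dropped is returned so the caller can reject the submission outright instead of silently cleaning it.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Allowlist (assumption): tag -> attributes permitted on that tag.
ALLOWED_TAGS = {
    "p": set(), "br": set(), "b": set(), "i": set(), "strong": set(), "em": set(),
    "ul": set(), "ol": set(), "li": set(), "h1": set(), "h2": set(), "h3": set(),
    "table": set(), "tr": set(), "td": set(), "th": set(),
    "a": {"href"}, "img": {"src", "alt"},
}
VOID_TAGS = {"br", "img"}                 # never pushed on the open-tag stack
DROP_CONTENT_TAGS = {"script", "style"}   # body text is discarded, not escaped
SAFE_SCHEMES = {"http", "https", "mailto"}  # assumption: what a template may link to


def _safe_url(value):
    """Accept relative URLs and SAFE_SCHEMES only; reject javascript:, data:, etc."""
    if value is None:
        return False
    # Browsers ignore tab/CR/LF inside a scheme, so strip them before parsing
    # ("java\nscript:" must not slip past the check).
    cleaned = "".join(ch for ch in value if ch not in "\t\r\n").strip()
    scheme = urlparse(cleaned).scheme.lower()
    return scheme == "" or scheme in SAFE_SCHEMES


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []        # sanitized output fragments
        self.open_tags = []  # stack of allowed tags we emitted, to keep output balanced
        self.dropped = []    # audit log of everything rejected
        self.suppress = 0    # >0 while inside a script/style body

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self.suppress += 1
        if tag not in ALLOWED_TAGS:
            self.dropped.append(f"tag:{tag}")
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_TAGS[tag]:          # covers on*, style, etc.
                self.dropped.append(f"attr:{tag}@{name}")
                continue
            if name in ("href", "src") and not _safe_url(value):
                self.dropped.append(f"url:{tag}@{name}={value!r}")
                continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.handle_endtag(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS and self.suppress:
            self.suppress -= 1
        if tag in self.open_tags:
            # Close everything opened since the matching tag so output stays well-formed
            while self.open_tags:
                t = self.open_tags.pop()
                self.out.append(f"</{t}>")
                if t == tag:
                    break
        # End tag of a dropped or never-opened element: emit nothing.

    def handle_data(self, data):
        if self.suppress:
            return
        self.out.append(escape(data, quote=False))  # re-escape all text content

    def handle_comment(self, data):
        self.dropped.append("comment")  # comments can hide conditional/IE payloads

    def close(self):
        super().close()
        while self.open_tags:  # close anything the input left open
            self.out.append(f"</{self.open_tags.pop()}>")


def sanitize(html):
    """Return (sanitized_html, dropped) for the given untrusted HTML string."""
    p = AllowlistSanitizer()
    p.feed(html)
    p.close()
    return "".join(p.out), p.dropped


def is_clean(html):
    """True only if the input used nothing outside the allowlist (reject-else policy)."""
    return not sanitize(html)[1]


# Constructed sample input (not from the original page).
CONSTRUCTED_INPUT = (
    '<p onclick="steal()">Hello <b>world</b><script>alert(1)</script>'
    '<a href="javascript:alert(1)">x</a><a href="https://example.com">ok</a>'
    '<img src="x" onerror="alert(1)"></p>'
)

if __name__ == "__main__":
    clean, dropped = sanitize(CONSTRUCTED_INPUT)
    print(clean)
    print("dropped:", dropped)
```

Two design points worth noting: the sanitizer re-serializes from parsed tokens rather than regex-stripping the raw string, so nothing the parser did not explicitly accept reaches the output; and `is_clean` lets you apply the answer's "reject everything else" policy at submission time while `sanitize` gives a safe rendering if you prefer to clean. A hand-rolled allowlist like this is fine for showing the idea, but for production use a maintained sanitizer library with the same allowlist philosophy, since parser quirks are where these filters get bypassed.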
