Good HTML Sanitization with AntiSamy

A few days ago I wrote a blog post about simple HTML sanitization using the NekoHTML library.

It was the simple solution I initially wanted to use... but I did not like it:

  • It is too simple;
  • I'm not enough of a security specialist to find all the 'dangerous' HTML parts and filter them out.

After looking a little more, I finally found the solution I needed: AntiSamy.

So, this is a simple library: a jar file and an XML configuration. It performs HTML sanitization according to the settings in the XML: you can use some predefined settings (like how Facebook or MySpace filter out HTML) or define your own, depending on what you do and do not want to allow users to add.
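A sketch of how the jar and the XML policy fit together, as an added example that is not code from the original post. It assumes the AntiSamy jar is on the classpath; the class name `CommentSanitizer`, the policy path `antisamy-policy.xml` and the sample input are hypothetical.

```java
import java.io.File;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

// Hypothetical wrapper: one place where all user-entered HTML is sanitized.
public class CommentSanitizer {
    private final Policy policy;
    private final AntiSamy antiSamy = new AntiSamy();

    public CommentSanitizer(String policyPath) throws PolicyException {
        // Parse the XML policy once and reuse it for every scan.
        this.policy = Policy.getInstance(new File(policyPath));
    }

    // Returns HTML containing only what the policy allows.
    public String sanitize(String untrustedHtml) {
        if (untrustedHtml == null || untrustedHtml.isEmpty()) {
            return "";
        }
        try {
            CleanResults results = antiSamy.scan(untrustedHtml, policy);
            // Each message describes something the policy removed or rewrote;
            // logging them shows what users are trying to submit.
            for (String message : results.getErrorMessages()) {
                System.err.println("AntiSamy: " + message);
            }
            return results.getCleanHTML();
        } catch (ScanException | PolicyException e) {
            // Fail closed: if the input cannot be scanned, store nothing.
            System.err.println("AntiSamy scan failed: " + e.getMessage());
            return "";
        }
    }

    public static void main(String[] args) throws PolicyException {
        // Assumed path: one of the predefined policy files or your own.
        CommentSanitizer sanitizer = new CommentSanitizer("antisamy-policy.xml");
        // Constructed sample input: allowed formatting mixed with markup
        // that a typical policy does not permit.
        String input = "<p onclick=\"doSomething()\">Hello <b>world</b>"
                + "<script>alert(1)</script></p>";
        System.out.println(sanitizer.sanitize(input));
    }
}
```

What survives in the output depends entirely on the policy file loaded, so review the chosen policy against the markup your users actually need.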

So, my best recommendations:

  • Do not reinvent the wheel;
  • Use it anywhere HTML is entered by users.

Alexey Kakunin
