How to Protect Text Input from Cross-Site-Scripting (XSS) Attacks Through Normalization using Java
One way to stop a Cross-Site Scripting (XSS) attack is by normalizing the string in question. Our XSS API will take care of that for you, returning a normalized result along with a flag indicating whether the string did contain (true) or did not contain (false) an XSS attack. A successful JSON response model looks as follows:
{
  "Successful": true,
  "ContainedXss": true,
  "OriginalInput": "string",
  "NormalizedResult": "string"
}
To help you include this API in your Java project, we’ve provided ready-to-run code samples from our API Console page. The installation instructions below are for Maven; visit the Cloudmersive API Console to find instructions for installation with Gradle.
First, add a reference to the repository in pom.xml:
<repositories>
  <repository>
    <id>jitpack.io</id>
    <url>https://jitpack.io</url>
  </repository>
</repositories>
Once done, add this reference to the dependency in pom.xml:
<dependencies>
  <dependency>
    <groupId>com.github.Cloudmersive</groupId>
    <artifactId>Cloudmersive.APIClient.Java</artifactId>
    <version>v4.25</version>
  </dependency>
</dependencies>
Finally, add the imports and call the validation function:
// Import classes:
//import com.cloudmersive.client.invoker.ApiClient;
//import com.cloudmersive.client.invoker.ApiException;
//import com.cloudmersive.client.invoker.Configuration;
//import com.cloudmersive.client.invoker.auth.*;
//import com.cloudmersive.client.ContentThreatDetectionApi;
//import com.cloudmersive.client.model.StringXssProtectionResult;

ApiClient defaultClient = Configuration.getDefaultApiClient();

// Configure API key authorization: Apikey
ApiKeyAuth Apikey = (ApiKeyAuth) defaultClient.getAuthentication("Apikey");
Apikey.setApiKey("YOUR API KEY");
// Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null)
//Apikey.setApiKeyPrefix("Token");

ContentThreatDetectionApi apiInstance = new ContentThreatDetectionApi();
String value = "value_example"; // String | User-facing text input.
try {
    // Sends the input to the API and receives the normalized result plus the XSS flag
    StringXssProtectionResult result = apiInstance.contentThreatDetectionProtectXss(value);
    System.out.println(result);
} catch (ApiException e) {
    System.err.println("Exception when calling ContentThreatDetectionApi#contentThreatDetectionProtectXss");
    e.printStackTrace();
}
Poof — just like magic. Your input will be normalized and analyzed for XSS attacks.
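One way to act on the response fields shown above (Successful, ContainedXss, NormalizedResult), as an added example that is not Cloudmersive's code: it fails closed when the call did not succeed and still HTML-encodes the text at render time. The XssGate class, the XssResult holder, accept and escapeHtml are hypothetical names, and the sample responses are constructed rather than real API output.

```java
import java.util.Optional;
public class XssGate {
    // Hypothetical holder mirroring the four JSON response fields; not a Cloudmersive client class.
    static final class XssResult {
        final boolean successful, containedXss;
        final String originalInput, normalizedResult;
        XssResult(boolean successful, boolean containedXss, String originalInput, String normalizedResult) {
            this.successful = successful; this.containedXss = containedXss;
            this.originalInput = originalInput; this.normalizedResult = normalizedResult;
        }
    }

    // Returns the text to store, or empty when the input must be rejected.
    static Optional<String> accept(XssResult r) {
        // Fail closed: an unsuccessful call says nothing about the input.
        if (r == null || !r.successful || r.normalizedResult == null) return Optional.empty();
        if (r.containedXss) {
            // Record the detection for monitoring; log the length, not the payload.
            System.err.println("XSS detected in input, length="
                    + (r.originalInput == null ? 0 : r.originalInput.length()));
        }
        return Optional.of(r.normalizedResult);
    }

    // HTML-body encoding applied at render time, whatever the API reported.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample responses (not real API output).
        XssResult flagged = new XssResult(true, true, "<script>alert(1)</script>Hi", "Hi");
        XssResult failed = new XssResult(false, false, "Tom & Jerry", null);
        XssResult clean = new XssResult(true, false, "Tom & Jerry", "Tom & Jerry");
        System.out.println(accept(flagged).map(XssGate::escapeHtml));
        System.out.println(accept(failed).isPresent());
        System.out.println(accept(clean).map(XssGate::escapeHtml));
    }
}
```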