How to Protect Text Input from Cross-Site-Scripting (XSS) Attacks Through Normalization using Java

2 min readApr 1, 2022


One way to stop a Cross-Site Scripting (XSS) attack is by normalizing the string in question. Our XSS API will take care of that for you, returning a normalized result along with a notification that the string did contain (true) or did not contain (false) an XSS attack. A successful JSON response model looks as follows:

"Successful": true,
"ContainedXss": true,
"OriginalInput": "string",
"NormalizedResult": "string"

To help you include this API in your Java project, we’ve provided ready-to-run code samples from our API Console page to help you make your connection. Below installation instructions are for Maven; visit the Cloudmersive API Console to find instructions for installation with Gradle.

First, add a reference to the repository in pom.xml:


Once done, add this reference to the dependency in pom.xml:


Finally, add the imports and call the validation function:

// Import classes:
//import com.cloudmersive.client.invoker.ApiClient;
//import com.cloudmersive.client.invoker.ApiException;
//import com.cloudmersive.client.invoker.Configuration;
//import com.cloudmersive.client.invoker.auth.*;
//import com.cloudmersive.client.ContentThreatDetectionApi;
ApiClient defaultClient = Configuration.getDefaultApiClient();// Configure API key authorization: Apikey
ApiKeyAuth Apikey = (ApiKeyAuth) defaultClient.getAuthentication("Apikey");
Apikey.setApiKey("YOUR API KEY");
// Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null)
ContentThreatDetectionApi apiInstance = new ContentThreatDetectionApi();
String value = "value_example"; // String | User-facing text input.
try {
StringXssProtectionResult result = apiInstance.contentThreatDetectionProtectXss(value);
} catch (ApiException e) {
System.err.println("Exception when calling ContentThreatDetectionApi#contentThreatDetectionProtectXss");

Poof — just like magic. Your input will be normalized and analyzed for XSS attacks.




There’s an API for that. Cloudmersive is a leader in Highly Scalable Cloud APIs.