Sanitizing RichTextArea content


I need to make sure that users can’t use the client’s RichTextArea to make offensive JavaScript and equivalent “cross-site scripting attacks” that would potentially create security issues and other problems in the web application.

Book of Vaadin mentions this concern briefly, but how is it actually done? I’m thinking some kind of a filter when saving the text content (property of the field).

If someone could show me with a bit of code, for example, how to make an existing RichTextArea component “safe” in aforementioned aspect, it would be greatly appreciated.

Thank you.

I used jsoup to sanitize this.
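An added example of the jsoup approach, not code from the original posters: the HTML produced by the RichTextArea is cleaned server-side against a jsoup allow-list, so tags and attributes the editor never legitimately produces (script, iframe, on* handlers, javascript: URLs) are dropped before the value is stored or rendered. It assumes Vaadin 8's RichTextArea API (addValueChangeListener / setValue) and jsoup 1.14.1 or later (Safelist; older releases call the same class Whitelist); the attach helper and the sample input are constructed for this example.

```java
import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist;
import com.vaadin.ui.RichTextArea;

public final class RichTextSanitizer {

    // jsoup's "relaxed" allow-list covers what the RichTextArea toolbar emits
    // (headings, lists, tables, bold/italic, links). Anything outside it is removed,
    // and href/src are restricted to http, https, ftp and mailto, so "javascript:"
    // links are stripped rather than passed through.
    private static final Safelist ALLOWED = Safelist.relaxed();

    /** Returns a cleaned copy of the HTML; never trust the client-side editor. */
    public static String sanitize(String html) {
        if (html == null) {
            return "";
        }
        return Jsoup.clean(html, ALLOWED);
    }

    /**
     * Hypothetical helper (assumed Vaadin 8 API): re-cleans the field's value on every
     * change. The guard avoids an endless loop, since setValue() fires the listener
     * again but the already-clean value passes through unchanged.
     */
    public static void attach(RichTextArea area) {
        area.addValueChangeListener(event -> {
            String clean = sanitize(event.getValue());
            if (!clean.equals(event.getValue())) {
                area.setValue(clean);
            }
        });
    }

    public static void main(String[] args) {
        // Constructed sample input mixing legitimate formatting with injected markup.
        String constructedInput = "<p onclick=\"alert(1)\">Hi <b>there</b></p>"
                + "<script>alert('xss')</script>"
                + "<a href=\"javascript:alert(1)\">link</a>";
        System.out.println(sanitize(constructedInput));
    }
}
```

Apply sanitize() again where the value is persisted or rendered, because a value-change listener only protects the path through this particular field.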