Vulnerabilities Protection - XSS Cross-site Scripting validation

I have not been able to find in Vaadin 14 a way to filter form input fields from containing script threats. Every language provides a way to filter parameter content and prevent entry of dangerous code. Could you please provide a solution to this.


The obvious first option for this is to use Jsoup, as the framework includes a dependency on it, so you do not need to add it to your project.

String value = Jsoup.clean(textField.getValue(), Whitelist.none());

Traditionally the approach in the Vaadin framework has been that the getValue methods do not have this by default. The component methods taking a String as argument, e.g. Label#setText etc., set only the text content of the element, thus HTML is not evaluated. Naturally with the exception of the Html component, which is intentionally for setting HTML content.

So if you are using the Html component and setting its value from a possibly foreign source, then you must use Jsoup with an appropriate whitelist, like Whitelist.basic(), to sanitize it.
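As an added illustration (not code from the original answer or from the Vaadin project), the two sanitization paths side by side in a Vaadin 14 view: Whitelist.none() for a text-only component and Whitelist.basic() for the Html component. CommentView, toPlainText and toSafeHtml are hypothetical names.

```java
import org.jsoup.Jsoup;
import org.jsoup.parser.Parser;
import org.jsoup.safety.Whitelist;

import com.vaadin.flow.component.Html;
import com.vaadin.flow.component.html.Div;
import com.vaadin.flow.component.html.Span;
import com.vaadin.flow.component.textfield.TextField;

/** Hypothetical view that sanitizes a free-text field at the point of use. */
public class CommentView extends Div {

    // Untrusted input that should end up as visible text, never as markup.
    static String toPlainText(String untrusted) {
        // Whitelist.none() drops every tag (script bodies included) but the
        // result is still entity-escaped HTML ("a &amp; b"), so unescape it
        // before handing it to a text-only setter, which escapes on its own
        // and would otherwise display a literal "&amp;".
        String stripped = Jsoup.clean(untrusted, Whitelist.none());
        return Parser.unescapeEntities(stripped, false);
    }

    // Untrusted input that may keep limited formatting (b, i, a, p, ...).
    static String toSafeHtml(String untrusted) {
        return Jsoup.clean(untrusted, Whitelist.basic());
    }

    public CommentView() {
        TextField input = new TextField("Comment");
        Span asText = new Span();
        Div asHtml = new Div();
        add(input, asText, asHtml);

        input.addValueChangeListener(event -> {
            String raw = event.getValue();

            // Text-only component: setText never evaluates markup, so the
            // browser is safe either way; sanitizing here just keeps stray
            // tags from being shown verbatim to the user.
            asText.setText(toPlainText(raw));

            // Html component: markup IS evaluated, so sanitize first.
            // Html requires exactly one root element, hence the wrapper div.
            asHtml.removeAll();
            asHtml.add(new Html("<div>" + toSafeHtml(raw) + "</div>"));
        });
    }
}
```

In jsoup 1.14.1 and later, Whitelist was renamed Safelist (the old name is deprecated); the calls are otherwise identical.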