Xssprotect - Google Code.
The purpose of this library is to filter a user input string in order to clean it from (known) XSS attacks. The approach in this library uses a parser to create a tree of HTML tags, which are slightly cleaned up for better processing (tag-matching and so on). The parser then calls to a pluggable filter interface implementation, which is responsible for filtering out improper HTML attributes or XSS attacks.

The Spanner - XSS Rays.
I’ve developed a new XSS scanner tool that’s written in Javascript called XSS Rays for Microsoft. They have given me permission to release the tool as open source which is awesome because it can be used for other open source applications. I recommend you use it as part of the web development process to make sure you’ve filtered XSS correctly on your application. It works as a bookmarklet and scans any links, paths or forms on the target scanning page (even cross domain).

XSS HTML Filter: A Java library for protecting against cross sit.