DeXSS provides a SAX2 Parser to help protect against Cross-site scripting (XSS) attacks. DeXSS uses TagSoup to parse potentially malformed input, followed by a SAX2 filter pipeline to remove JavaScript from HTML. You can use the DeXSS parser in place of your existing SAX2 parser, or you can use the DeXSS utility to provide a string-to-string conversion.
Release Notes 1.2 12 Jun 2012: This release adds a CSS sanitizer, uses the OSBCP CSS Parser, canonizes CSS in @style, and attempts to remove javascript: and expression(). Inline <style> CSS is still elided.


Download and read more in here :