Cross site scripting

 
Greenhorn
Posts: 6
Hi Techies, I have developed a Struts-based application on WebSphere, but after security testing (which was done by a third party), I came to know it is prone to cross-site scripting. Can anybody tell me what's the best approach to fix that in a Struts-based application?
I have done some 'googling' and came to know about filters etc., but I trust JavaRanch for better and faster results. Please guide or provide pointers to solve this.

TIA
 
Rancher
Posts: 43026
XSS can occur if you let users enter text, and display that back on a web page without properly sanitizing it (by making sure that it does not contain unwanted HTML or JavaScript fragments). So you should consider how to ensure that user-entered data is validated, and in particular, cleaned of any HTML/JavaScript it may contain.

The Security FAQ has some links on web app security in general, and XSS in particular. There's also an article on SQL injection, which is a similar kind of attack on databases.
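
The two steps described in the reply above (validate what comes in, neutralize HTML/JavaScript before it is displayed) can be sketched in plain Java. This is an added example, not part of the original posts and not Struts code; the class name, method names, the username rule and the sample inputs are all assumptions made for illustration.

```java
import java.util.regex.Pattern;

// Added example: XssDefense, isValidUsername and escapeHtml are hypothetical names.
public final class XssDefense {
    // Allowlist for one constructed field: letters, digits, underscore, 3 to 20 chars.
    private static final Pattern USERNAME = Pattern.compile("^[A-Za-z0-9_]{3,20}$");

    // Input validation: accept only values that match the expected shape.
    public static boolean isValidUsername(String value) {
        return value != null && USERNAME.matcher(value).matches();
    }

    // Output encoding for HTML element content and quoted attribute values.
    // It is not sufficient for data placed inside <script>, URLs or CSS.
    public static String escapeHtml(String value) {
        if (value == null) return "";
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs, as they might arrive from a form.
        String comment = "<script>alert(1)</script>";
        String name = "bob\"><img src=x onerror=alert(1)>";

        System.out.println(isValidUsername("bob_42"));
        System.out.println(isValidUsername(name));
        System.out.println("<p>" + escapeHtml(comment) + "</p>");
        System.out.println("<input value=\"" + escapeHtml(name) + "\">");
    }
}
```

In JSPs the same encoding is available without custom code: JSTL's `<c:out>` escapes by default, and the Struts 1 `<bean:write>` tag does so while its `filter` attribute is left at `true`.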
 