Hi Techies, I have developed a Struts-based application on WebSphere, but after security testing (which was done by a third party), I came to know it is prone to cross-site scripting. Can anybody tell me what's the best approach to fix that in a Struts-based application? I have done 'googling' and came to know about filters etc., but I trust JavaRanch for better and faster results. Please guide or provide pointers to solve this.
The Security FAQ has some links on web app security in general, and XSS in particular. There's also an article on SQL injection, which is a similar kind of attack on databases.