
how to avoid cross-site scripting

 
suresh guru
Ranch Hand
Posts: 38
hi all
Does anyone know how to avoid the cross-site scripting security threat? I have an application which uses JSP, servlets, Beans and JavaScript. I don't know much about this. As far as I know this involves entering HTML tags (like <script></script>) in the text boxes, text areas and in hyperlinks to maliciously execute some code in the user's browser (by using the dynamically generated page from the server on submitting the form containing these tags).
What I want to know is:
How to prevent users from entering HTML tags in the input boxes
How to avoid the problem on the server side
Please submit some code examples/related URLs
 
Lasse Koskela
author
Sheriff
Posts: 11962
5
 
Jason Menard
Sheriff
Posts: 6450
Simply put, you must perform server-side validation on any outside inputs into your application. That means all browser fields (including hidden ones) and any request parameters your application uses.
If a user must log in to use your application, ensure that they have permission to execute whatever function they are trying to execute. It isn't sufficient to merely not display a menu option if a user doesn't have the required permissions; you must also check in your code that the user is allowed to access that function.
Assume that the user is providing malicious inputs and code accordingly. Once you get yourself into the frame of mind of coding defensively, it will eventually become second nature.
 
Matthew Phillips
Ranch Hand
Posts: 2676
rgsuresh,
We don't have many rules at Javaranch, but our display name policy is one of them. Please read this policy and change your display name to comply with it if you wish to continue posting. Thanks.
You can change your display name here.
 