
how to avoid cross-site scripting

Hi all,
Does anyone know how to avoid the cross-site scripting security threat? I have an application which uses JSP, servlets, Beans, JavaScript. I don't know much about this, and as far as I know this involves entering HTML tags (like <script></script>) in the text boxes, text areas and hyperlinks to maliciously execute some code in the user's browser (by using the dynamically generated page from the server on submitting the form containing these tags).
What I want to know is:
How to keep users from entering HTML tags in the input boxes
How to avoid the problem on the server side
Please submit some code examples/related URLs.
Simply put, you must perform server side validation on any outside inputs into your application. That means all browser fields (including hidden ones) and any request parameters your application uses.
If a user must log in to use your application, ensure that they have permissions to execute whatever function they are trying to execute. It isn't sufficient to merely not display a menu option if a user doesn't have the required permissions; you must also check in your code that the user is allowed to access that function.
Assume that the user is providing malicious inputs and code accordingly. Once you get yourself into the frame of mind of coding defensively, it will eventually become second nature.
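
One way to implement the server-side handling discussed above, added here as an example and not code posted by anyone in this thread: an allow-list check on a submitted field, plus HTML encoding of the value before it is written into the generated page. The field name `displayName`, its permitted character set and the sample inputs are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class XssInputCheck {
    // Allow-list for a hypothetical "displayName" field: letters, digits,
    // space, dot, apostrophe and hyphen; 1 to 40 characters.
    private static final Pattern DISPLAY_NAME =
            Pattern.compile("[\\p{L}\\p{N} .'-]{1,40}");

    /** Server-side check. In a servlet the value comes from request.getParameter("displayName"). */
    static boolean isValidDisplayName(String value) {
        return value != null && DISPLAY_NAME.matcher(value).matches();
    }

    /** Encode text for an HTML element body or a quoted attribute value. */
    static String escapeHtml(String value) {
        if (value == null) return "";
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs standing in for submitted form fields.
        String[] samples = { "Inigo O'Neil", "<script></script>", "" };
        for (String s : samples) {
            if (isValidDisplayName(s)) {
                // Valid input is still encoded at the point of output.
                System.out.println("accepted: <td>" + escapeHtml(s) + "</td>");
            } else {
                // Rejected input is encoded too if it is echoed in an error page.
                System.out.println("rejected: " + escapeHtml(s));
            }
        }
    }
}
```

The validation runs on the server for every request parameter, hidden fields included, and the encoding step is applied wherever a value is written back into HTML, whether or not it passed validation.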
rgsuresh,
We don't have many rules at Javaranch, but our display name policy is one of them. Please read this policy and change your display name to comply with it if you wish to continue posting. Thanks.
You can change your display name here.