• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Edit HTTP response

 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My Struts business layer sends HTTP responses to javascript and actionscript client; When I receive requests from these applications I convert the single quote and other special chars to html codes, e.g. & # 146 ; , mainly to prevent sql injection.
Now when returning the response to the client, I want to scan the xml content of the response after struts forms it and unescape the html (some sort of interceptor that edits the content of the response). Is this possible without throwing the IllegalStateException? How can I achieve it?
 
Bartender
Posts: 9626
16
Mac OS X Linux Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
One should never construct SQL queries out of user input. Use prepared statements and bound variables, as PreparedStatement correctly escapes any special characters.
Preventing_SQL_Injection_in_Java
 
reply
    Bookmark Topic Watch Topic
  • New Topic