
Avoid Cross site scripting in Jsp

 
jami siva
Ranch Hand
Posts: 66
How to avoid Cross site scripting in Jsp.
Currently I am using scriptlet code to display any error messages.
Below is the code :
<%
out.println (error.getMessage() );
%>

How do I make this statement avoid Cross Site Scripting?

Thank you guys
Siva
 
Ulf Dittmer
Rancher
Posts: 42968
In which way do you think this code is vulnerable to XSS attacks? Is the string returned by getMessage generated from user input?
 
jami siva
Ranch Hand
Posts: 66
No, this getMessage is generated from server.
I don't even know whether that is the only code open to Cross site scripting attacks. If so, how do I write code in JSP to avoid such things, meaning Cross site scripting?
 
Ulf Dittmer
Rancher
Posts: 42968
Start reading here: http://www.coderanch.com/how-to/java/SecurityFaq#web-apps
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34837
If you use c:out instead of a scriptlet, it will escape the special characters for you.
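
The change suggested in the last reply, as an added example that is not part of the original thread: the scriptlet from the question next to JSTL output that escapes HTML special characters. It assumes the exception has been stored in a request attribute named `error` and that the JSTL core and functions tag libraries are available to the web application.

```jsp
<%@ page contentType="text/html; charset=UTF-8" %>
<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>

<%-- Assumption: a servlet or filter called request.setAttribute("error", exception)
     before forwarding here, so ${error.message} invokes error.getMessage(). --%>

<%-- Before (from the question): the message is written to the response unescaped.
     If any part of it echoes request data (a parameter value, a file name, a
     parse error quoting the input), markup in that data reaches the browser as-is.
<%
    out.println(error.getMessage());
%>
--%>

<%-- After, HTML body context: c:out has escapeXml="true" by default and
     rewrites < > & ' " as character entities. The default text is used when
     the exception carries no message. --%>
<c:if test="${not empty error}">
  <p class="error"><c:out value="${error.message}" default="An error occurred." /></p>
</c:if>

<%-- After, quoted attribute context: fn:escapeXml applies the same escaping
     inside an EL expression. The attribute value must stay in quotes. --%>
<span class="error-icon" title="${fn:escapeXml(error.message)}">!</span>

<%-- Do not switch the escaping off for this kind of data:
     <c:out value="${error.message}" escapeXml="false" /> behaves like the scriptlet. --%>
```

This escaping covers HTML body text and quoted attribute values only; a value written into inline JavaScript or a URL needs encoding for that context instead.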
 