How can I verify whether the string value accountName contains any of the special characters below, using the fn:contains JSTL function?
& ( ) % " =
If any of these characters are present in accountName, then we need to use fn:replace to replace the special character with a space. Please let me know how we can evaluate multiple fn:contains calls to check for multiple special characters in JSP.
No. You just need to replace any of those characters which are in the string by spaces.
Let me spell it out in basic terms if you still don't get it. You don't need to say
"If there's any &s in the string, then replace the &s by spaces."
You just need to say
"Replace the &s in the string by spaces."
If there weren't any, then nothing will happen. It's not going to throw an exception and bring your system down.
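The unconditional replacement described in the answer above, as an added example that is not part of the original thread. It assumes the value arrives as the request parameter `accountName`; the link target `/accountDetails.jsp` is a hypothetical page name.

```jsp
<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>

<%-- Hold the double quote in a variable so it does not clash with
     the quoting of the attribute values below. --%>
<c:set var="dq" value='"' />

<%-- No fn:contains is needed: fn:replace returns its input unchanged
     when the character being replaced is not present. --%>
<c:set var="name" value="${param.accountName}" />
<c:set var="name" value="${fn:replace(name, '&', ' ')}" />
<c:set var="name" value="${fn:replace(name, '(', ' ')}" />
<c:set var="name" value="${fn:replace(name, ')', ' ')}" />
<c:set var="name" value="${fn:replace(name, '%', ' ')}" />
<c:set var="name" value="${fn:replace(name, '=', ' ')}" />
<c:set var="name" value="${fn:replace(name, dq, ' ')}" />

<%-- c:out XML-escapes on output by default, which also covers
     characters outside the six listed, such as < and >. --%>
<p>Account: <c:out value="${name}" /></p>

<%-- Links on the same page reuse the cleaned value; c:param
     URL-encodes it. The target page name is hypothetical. --%>
<c:url var="detailsUrl" value="/accountDetails.jsp">
  <c:param name="accountName" value="${name}" />
</c:url>
<a href="<c:out value='${detailsUrl}' />">Account details</a>
```

The cleaned value lives only in the generated page; the address the browser shows is whatever the client originally requested.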
posted 1 week ago
Yes, right, we need to replace the special characters in the input with a space, and I need to do it only when the input has the special characters. If not, leave it as it is; else replace with a space and reload the page to ensure the URL is updated with input which doesn't contain these special characters.
You do not seem to be getting the point: you do not need to perform a check. If there are no characters to change, the replace operation will leave everything as is. The check is pointless and useless.
Bear Bibeault wrote: The check is pointless and useless.
It's actually worse than useless, it's a waste of time. It's quicker to just do the delete by itself.
posted 1 week ago
Thanks, but when we are replacing the special characters with replace, it should reload the page to ensure the URL is updated accordingly with no special characters, like below. For that, at least, I need to do a conditional check with fn:contains, right? Else how can I reload the page if there are special characters in the request param (accountName)? Please clarify.
I don't understand the idea that a JSP can "reload" a page. The purpose of a JSP is to write a page; in your example your JSP should replace the special characters with blanks as part of the page-generating process. If there aren't any special characters it still has to generate and write the page.
posted 1 week ago
Thanks. Is a page reload (redirect) needed for the base URL to get updated without special characters, if there are any when it is invoked initially? Without a page reload, will the URL get updated without special characters?
Are you saying that it is fine without a page reload too, and there is no need to reload/redirect the page with the updated request param? For example, the below will replace the special characters in the accountName input passed to the page
and this accountName will be passed to the other links in the same page. That's it, there is no need to redirect the page to the same accountDisplay.jsp with the accountName displayed without special characters, so it is not susceptible to XSS? It will be like,
This URL is being invoked by the security team for testing, by passing the special characters to check that the code prevents XSS attacks, so this URL is invoked directly, which in any case won't happen in a real-time scenario. But here, since the security team has reported the issue by directly invoking the URL, we need to replace these special characters with a space.
But throwing an error message is not a part of the requirement for this direct URL invocation, which you mentioned is correct, but this is an interim solution we are looking at. Hence the idea is to replace the special characters in the accountName passed and adjust it to make it valid, as you pointed out, and that is the requirement for this functionality. Please let me know whether a reload of the page makes a difference here?