Lib to protect SQL / javascript input for java / jsp

Question

Lib to protect SQL / javascript input for java / jsp

Does anyone know of a good lib where I can run lines before inserting them, which could strip sql / javascript code? To run in jsp pages.

The idealism of lib would be:

Free
A light weight
Ease of use

Thanks in advance to the SO community, who will happily respond :)

+2

java security sql-injection jsp javascript-injection

fmsf Dec 08 '08 at 17:03

source share

7 answers

api . sql , , . .

: , , , . sql . .

javascript, , . , , , SO, . , .

+4

Joel Coehoorn 08 . '08 17:07

AntiSamy OWASP. , , . Java, , .

+2

Flory 08 . '08 17:46

, , , "" . , , , .

, , :) api - :)

0

fmsf 08 . '08 17:13

c: out XML. , - , , , .

0

MetroidFan2002 08 . '08 18:13

SQL, PreparedStatement. - , , PreparedStatement. HTML JavaScript, . XML. JSTL escapeXml, fn tld.

0

laz 08 . '08 18:20

, :

OP SQL JavaScript.

SQL Injection , , / . Java PMD ( PMD) Findbugs ( Findbugs ) SQL-. OWASP SQL- Java.

As for the script injection, the safest way to prevent hacked scripts from running is to ensure that user input, when used as output, should be displayed using a coded format - for web applications, this will be HTML encoding . This OWASP page shows you how to perform HTML encoding in Java.

0

Vineet reynolds Dec 13 '08 at 18:23

source share

krosenvold · Accepted Answer · 2008-12-08T17:11:27+0000

Apache Commons lang StringEscapeUtils will bring you part of the path. He slips away, does not separate.

http://commons.apache.org/lang/api/org/apache/commons/lang/StringEscapeUtils.html

: Escaping , , , , , .

Lib to protect SQL / javascript input for java / jsp

More articles: