Protect jsp againt xss pages

Question

Protect jsp againt xss pages

I want to protect the form of my xss website, and I want all my data to be correct and consistent, so I don't want to allow any scripts to be added to my db, because my data can be used by other web services, so I I want to be sure that my data is correct and will not cause any problems for others.

I want to do validation only in the input, and not in the output, so I will do the check only once, and also be sure that no scripts exist in my db.

EDIT : please add the last comment I added.

+2

java security jsp xss

palAlaa Nov 05 '10 at 17:54

source share

3 answers

http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

+4

Ventral 05 . '10 18:23

In short, you can write a filter that properly escapes user input (matching with the corresponding URL mapping). There may be a plugin available for this, but I don't know.
You can refer to this topic XSS Prevention in the JSP / Servlet Web Application

0

ch4nd4n Nov 05 '10 at 18:27

source share

Puspendu Banerjee · Accepted Answer · 2010-11-25T17:26:06+0000

Use a filter to clear the HTTP request data.

jsoup, :

String unsafe = "<p><a href='http://example.com/' onclick='stealCookies()'>Link</a></p>";
String safe = Jsoup.clean(unsafe, Whitelist.basic());
// now: <p><a href="http://example.com/" rel="nofollow">Link</a></p>

: http://jsoup.org/cookbook/cleaning-html/whitelist-sanitizer

Protect jsp againt xss pages

More articles: