XSS « Security « Spring Q&A





1. How do I prevent people from doing XSS in Java?    stackoverflow.com

What should I do to prevent XSS in Java? I'm using Spring MVC. Right now I am just putting all places where I output user text into <c:out /> ...

2. Alternative to using c:out to prevent XSS    stackoverflow.com

I'm working on preventing cross site scripting (XSS) in a Java, Spring based, Web application. I have already implemented a servlet filter similar to this example http://greatwebguy.com/programming/java/simple-cross-site-scripting-xss-servlet-filter/ which sanitizes ...

3. targetUrlParameter susceptible to xss attack    forum.springsource.org

I glanced across at grails.org/Security and noticed it mention an xss attack where someone provides a link to you which requires a login but appends a ...

4. Protection against xss on MappingJacksonJsonView    forum.springsource.org

Hi, I'm wondering if there are any built in protections/annotations available against such things as cross site request forgery on JacksonJson views? E.g. referrer checking (which is not perfect I know). ...

5. Cross Site Scripting (XSS) filtering?    forum.springsource.org

Has anyone developed a cross site scripting filter/interceptor for their webapp using Acegi? Does this even make sense? I have used the BadInputFilterValve from the O'Reilly http://www.oreilly.de/catalog/tomcat/ Tomcat book. It works ...

6. Default validator and XSS (html & script injection)    forum.springsource.org

Hi guys! I'm trying to find out the way to add default validation (rejection) to protect from XSS (particularly - html and script ...

7. Exploitable XSS in sample apps    forum.springsource.org

There is an exploitable XSS in both acegi-security-sample-tutorial and acegi-security-sample-contacts-filter. I assume that a lot of people are using the login page provided as is, just reskinning it. The problem lies ...

8. Cross-site Scripting/XSS Support    forum.springsource.org

Is there a good solution for foiling Cross-site Scripting attacks with Spring MVC/Web flow? My understanding is that in order to defeat XSS attacks, it is necessary to HTML-escape all request ...

9. XSS vulnerability    forum.springsource.org

What is the best way to secure the application against XSS vulnerabilities? Does Spring provide some controller to strip out all the possible combinations from the request





10. ACIG with Stripes framework to avoid XSS (SQL injection)    forum.springsource.org

Hi, I am searching for a solution to avoid the XSS (site scripting) and I found a solution which ...

11. Xss    forum.springsource.org

Hi, I've been testing Spring Roo by following some tutorials just to get the hang of it. But I noticed that the scaffolded generated web application doesn't encode its output and is ...

12. XSS Protection    forum.springsource.org

Hello Everyone, I am developing my first web application using Spring and I was just wondering if Spring has a library to help with XSS prevention, and encoding or stripping javascript ...