Cross site scripting

 
Greenhorn
Posts: 6
Hi Techies, I have developed a Struts-based application on WebSphere, but after security testing (which was done by a third party), I came to know it is prone to cross-site scripting. Can anybody tell me what's the best approach to fix that in a Struts-based application?
I have done 'googling' and came to know about filters etc., but I trust JavaRanch for better and faster results. Please guide or provide pointers to solve this.

TIA
 
Rancher
Posts: 43081
XSS can occur if you let users enter text, and display that back on a web page without properly sanitizing it (by making sure that it does not contain unwanted HTML or JavaScript fragments). So you should consider how to ensure that user-entered data is validated, and in particular, cleaned of any HTML/JavaScript it may contain.

The Security FAQ has some links on web app security in general, and XSS in particular. There's also an article on SQL injection, which is a similar kind of attack on databases.
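
The reply above describes displaying user-entered text without cleaning it of HTML/JavaScript. The following is an added example, not part of the original thread or of Struts itself, showing the same page fragment rendered without and with HTML output encoding. The class name, the `name` parameter and the sample inputs are constructed for illustration.

```java
// Added illustration: HTML-encode user-entered text at the point where it is written into a page.
public class HtmlEscapeDemo {

    /**
     * Encodes the characters that let text break out of HTML element content
     * or a quoted attribute value. It does not make text safe inside
     * JavaScript blocks, URLs or CSS; those contexts need their own encoding.
     */
    static String escapeHtml(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break; // must be encoded, or entities could be forged
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical view code that echoes a "name" request parameter as-is (the vulnerable form).
    static String renderUnsafe(String name) {
        return "<p>Hello, " + name + "</p>";
    }

    // Same view code with the value encoded on output (the corrected form).
    static String renderSafe(String name) {
        return "<p>Hello, " + escapeHtml(name) + "</p>";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: plain text, markup, and text with quotes and an ampersand.
        String[] samples = { "Alice", "<script>alert(1)</script>", "Tom & \"Jerry\"" };
        for (String s : samples) {
            System.out.println("unsafe: " + renderUnsafe(s));
            System.out.println("safe:   " + renderSafe(s));
        }
    }
}
```

In the encoded output the markup sample is displayed as literal text by the browser instead of being interpreted as a script element.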
 