How to prevent cross site cripting parameter manipulation attacks in jsp?

Hi guys,

How could i prevent cross site scripting and parameter manipulation attacks in jsp?

how should i handle such a invalid input coming from the user? Will the SSL implementation prevent this kind of attacks?

Thanks.

With regards to XSS, make sure that all text entered by users is validated not to contain problematic HTML/JavaScript. The SecurityFaq points to some articles on this subject (and related attacks such as SQL injection).

Parameters passed in by the user need to be validated on the server. For example, if one of the parameter is a product ID, then the server needs to check the current user is allowed to access that product. Everything sent by the browser is potentially suspect.

SSL does nothing to prevent these classes of attacks.