my dog learned polymorphism*
The moose likes JSP and the fly likes Text box with HTML tags security issue Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "Text box with HTML tags security issue" Watch "Text box with HTML tags security issue" New topic
Author

Text box with HTML tags security issue

Avi Gafa
Greenhorn

Joined: Jul 24, 2008
Posts: 3
Hi All,
I have a text box(on a jsp page) which should enable a free txt input including an HTML tags.
Some background:
In my customer page, there is an empty <div> that shoud be filled dinamiclly by calling to my servlet.
my servlet should return a text that can be including an HTML tags and this text will be emmbeded in the div and will be formatted as a regular HTML.
in order to retrive this text, I'm giving my customer a text box where he can put his free text(again, including HTML tags) and I store it in the DB.
my problem is, how to give my customer the ability to put his free text with the HTML tags in the text box and in the DB and to avoid security issuse like SQL injection.

Thanks,
Avi
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60785
    
  65

SQL injection problems can be handled in the model using techniques as outline in the JDBC forum (using PerparedStatements, for example). Script and HTML injection can be prevented by using the <c:out> JSTL tag when displaying the user-entered values, as <c:out> will properly HTML-encode any markup characters.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
 
wood burning stoves
 
subject: Text box with HTML tags security issue
 
Similar Threads
Dynamic rendering of html content on jsf
JSP <a href> tags breaks page functionality
Display problem of drop down and div
accessing the value in a DOM tree
SQL injection and HTML