
Edit HTTP response

 
Julius Kabugu
Greenhorn
Posts: 3
My Struts business layer sends HTTP responses to JavaScript and ActionScript clients. When I receive requests from these applications I convert the single quote and other special characters to HTML codes, e.g. `&#146;`, mainly to prevent SQL injection.
Now when returning the response to the client, I want to scan the XML content of the response after Struts forms it and unescape the HTML (some sort of interceptor that edits the content of the response). Is this possible without throwing the IllegalStateException? How can I achieve it?
 
Joe Ess
Bartender
Posts: 9258
One should never construct SQL queries out of user input. Use prepared statements and bound variables, as PreparedStatement correctly escapes any special characters.
Preventing_SQL_Injection_in_Java
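To make the advice above concrete, here is an added example (not code from either poster) that puts the two approaches side by side: the concatenated query that makes input escaping feel necessary, and the PreparedStatement form where the value never becomes SQL text. It also shows escaping done at the one place it belongs in this scenario, when the stored value is written into the XML response, which removes the need for the response-rewriting interceptor the question asks about. The table and column names, the `Customer` class and the `Connection` supplied by the caller are assumptions; the example only needs a JDBC driver on the classpath.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class CustomerLookup {

    // Hypothetical result holder; a plain class so it compiles on the JDKs Struts 1 ran on.
    static final class Customer {
        final long id;
        final String name;
        final String email;

        Customer(long id, String name, String email) {
            this.id = id;
            this.name = name;
            this.email = email;
        }
    }

    // The pattern to avoid: the caller-supplied name becomes part of the SQL text, so any
    // quote or comment character in it changes what the statement means. Turning quotes
    // into HTML entities before storing only hides that symptom and corrupts the stored
    // data, which is why the response then has to be "unescaped" on the way out.
    static String unsafeQuery(String name) {
        return "SELECT id, name, email FROM customer WHERE name = '" + name + "'";
    }

    // The fix: the SQL text is fixed and the value travels separately as a bound
    // parameter. The driver never interprets the value as SQL, so the raw string
    // (quotes and all) is stored exactly as the client sent it.
    static Customer findByName(Connection conn, String name) throws SQLException {
        String sql = "SELECT id, name, email FROM customer WHERE name = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name); // bound value, never concatenated into the statement
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    return null;
                }
                return new Customer(rs.getLong("id"), rs.getString("name"), rs.getString("email"));
            }
        }
    }

    // Escape only where the data meets a different syntax: here, when it is written into
    // the XML response body. Because the database holds the raw value, nothing has to be
    // undone later and the output is well-formed XML for the JavaScript/ActionScript client.
    static String escapeXml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&apos;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    static String toXml(Customer c) {
        return "<customer id=\"" + c.id + "\">"
             + "<name>" + escapeXml(c.name) + "</name>"
             + "<email>" + escapeXml(c.email) + "</email>"
             + "</customer>";
    }

    // Stand-alone demonstration of the output side; findByName needs a live Connection.
    public static void main(String[] args) {
        String fromClient = "O'Brien & <Co>"; // constructed sample input containing SQL- and XML-significant characters
        System.out.println("Avoid: " + unsafeQuery(fromClient));
        System.out.println("Bind:  SELECT id, name, email FROM customer WHERE name = ?  with parameter 1 = " + fromClient);
        System.out.println("XML:   " + toXml(new Customer(7, fromClient, "ob@example.com")));
    }
}
```

Note the division of labour: the JDBC driver handles the SQL boundary through binding, and `escapeXml` handles the XML boundary at render time. Neither step needs to know about the other, and the stored data stays exactly what the user typed.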