Avoid Cross site scripting in Jsp

jami siva
Ranch Hand

Joined: Oct 16, 2009
Posts: 60
How do I avoid cross-site scripting in JSP?
Currently I am using scriptlet code to display any error messages.
Below is the code:
<%
out.println (error.getMessage() );
%>

How do I make this statement avoid cross-site scripting?

Thank you guys
Siva
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39547
    
In which way do you think this code is vulnerable to XSS attacks? Is the string returned by getMessage generated from user input?


jami siva
Ranch Hand

Joined: Oct 16, 2009
Posts: 60
No, this getMessage is generated from the server.
Even I don't know whether that is the only code open to a cross-site scripting attack. If so, how do I write code in JSP to avoid such things, meaning cross-site scripting?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39547
    
Start reading here: http://www.coderanch.com/how-to/java/SecurityFaq#web-apps
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 29241
    

If you use c:out instead of a scriptlet, it will escape the special characters for you.


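The c:out suggestion above, as an added example that is not part of the original thread: it shows why a message "generated from server" can still contain user input, and how the JSTL tags escape it on output. Assumptions: JSTL 1.2 is on the classpath, `qty` and `lastError` are hypothetical parameter and field names, and the exception is exposed to EL as a request attribute named `error`.

```jsp
<%@ page contentType="text/html; charset=UTF-8" %>
<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%-- Added example. "qty" is a hypothetical request parameter and "error"
     an assumed request attribute name; neither comes from the thread. --%>
<%
    // A server-generated message can still carry user input:
    // NumberFormatException's message has the form
    //   For input string: "<the raw parameter value>"
    try {
        Integer.parseInt(request.getParameter("qty"));
    } catch (NumberFormatException e) {
        // Expose the exception to EL instead of printing it from a scriptlet.
        request.setAttribute("error", e);
    }
%>
<html>
<body>
<c:if test="${not empty error}">
    <%-- The scriptlet in the question writes getMessage() to the page as-is,
         so any markup inside the message is interpreted by the browser.
         c:out escapes < > & " ' by default (escapeXml="true"), so the
         message is rendered as text. --%>
    <p class="error"><c:out value="${error.message}"/></p>

    <%-- Inside an attribute value, fn:escapeXml applies the same escaping
         within the EL expression. Keep the attribute quoted. --%>
    <input type="text" name="lastError"
           value="${fn:escapeXml(error.message)}"/>
</c:if>
</body>
</html>
```

This escaping is for HTML element content and quoted attribute values; a value written into a script block or a URL needs encoding for that context instead.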
 