Servlet Filter for XSS prevention

deepak
Greenhorn

Joined: Apr 20, 2007
Posts: 3
My application has been through a security audit and I was told that there are XSS issues (parameters passed through the URL are stored without filtering and that output is not entity encoded to take care of HTML metacharacters).

I have 2 questions:

1. I am planning to use a servlet filter with AntiSamy to filter user input for script tag presence (http://bazageous.wordpress.com/). Does it take care of all HTML metacharacters? Which policy file should I use? There is no requirement to enter HTML input.
2. How can I replicate this issue? I have tried injecting
a. <BR SIZE="&{alert('XSS')}">
b. <script>alert(123)</script>
with other user inputs through text fields, but NO success in creating an alert while rendering the JSP (through JSON and ExtJS). Please suggest how I can reproduce this issue. The application does not take care of XSS as of today.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60057
    
  65

1. That's a question best answered by the author or by inspecting the code.
2. The problem is unlikely to manifest when simply returning info as JSON, as that's just data. It depends on what you do with that data.

The easiest way to replicate the problem is to enter a script tag as a value that gets displayed in a JSP. Using <c:out> when displaying unsafe data solves 99% of the problem.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
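To make the `<c:out>` advice concrete, here is an added example (not code from the thread or from JSTL itself) of the output encoding `<c:out>` applies by default: a small `escapeXml` helper that replaces the same five metacharacters JSTL escapes, run over the two probe strings from the question. The class name and the inputs are constructed for the demonstration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Output-encoding helper mirroring what JSTL's <c:out> does by default
 * (escapeXml="true"): & < > " ' are replaced with entities before the
 * value is written into the page, so the browser renders them as text
 * instead of parsing them as markup. Added illustration, not thread code.
 */
public final class HtmlEncodeDemo {

    /** Escape the five characters <c:out> escapes; null becomes "". */
    public static String escapeXml(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&#034;"); break;
                case '\'': sb.append("&#039;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs: the two probe strings quoted in the question.
        Map<String, String> probes = new LinkedHashMap<>();
        probes.put("script tag", "<script>alert(123)</script>");
        probes.put("attribute", "<BR SIZE=\"&{alert('XSS')}\">");

        for (Map.Entry<String, String> e : probes.entrySet()) {
            System.out.println(e.getKey());
            // "raw" is what an unescaped JSP expression would emit verbatim
            System.out.println("  raw    : " + e.getValue());
            System.out.println("  escaped: " + escapeXml(e.getValue()));
        }
        // In a JSP the same effect comes from <c:out value="${param.name}"/>;
        // in a servlet, call escapeXml() on every untrusted value before out.print().
    }
}
```

The encoded form is what the browser should receive whenever a stored parameter is written into HTML; if the value is instead inserted client-side by ExtJS, the same encoding has to happen there (or the value must go into a text node rather than innerHTML).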
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Servlet Filter for XSS prevention
 
Similar Threads
DWR - Not returning search results
problem in 'async' funtionality of ajax
Login Authentication & sendRedirect
Are the following characters XSS vulnerable?
save checked value in checkbox to database