On 06/12/2009 12:45 AM, tamsler wrote:
> Evaluating user input on the client side and checking for "<script>",
> etc. tags is a good practice, however, there are ways to bypass such
> input validation. So the next best line of defense is to
> validate/re-validate on the server side where the GWT RPC call
> terminates. I am wondering what solutions exist at that end.
> -- Thomas
>

Such solutions are probably going to be toolkit-specific, in the sense that such a toolkit may have routines available to sanitize whatever arrives from the net and whatever you send to the client. If you are using such a toolkit, does that provide anything? Otherwise, you'll have to roll your own solution. A search on the keywords mentioned in your subject line may reveal some useful Java code (assuming that's what's executing on the server).

To reiterate, GWT is a client-side solution; client-side code is the focus of this list. Obviously, a server's involved since the code must originate there. However, the details of the other side of an RPC are "an exercise left to the reader".

> On Jun 11, 5:20 pm, Jeff Chimene<[email protected]> wrote:
>
>> On 06/11/2009 04:18 PM, tamsler wrote:
>>
>>> I am trying to figure out what the best way is to handle JavaScript
>>> injection cases. Since any client side input validation handling
>>> doesn't truly prevent one from injecting JS such as using tools like
>>> Firebug to re-post RPC calls etc.
>>>
>>> I am wondering if anybody has attempted to intercept JS injection on
>>> the server side by "scanning" RPC calls. I could imagine using a
>>> servlet filter to do this or some other way.
>>>
>>> Any ideas/feedback is greatly appreciated.
>>>
>> It's a good question, but it's not really GWT related.
>> You're talking about server-side code. The JS code generated by GWT
>> executes in the browser.
>> I may be completely missing your point, but perhaps these articles may
>> be apropos:
>> http://code.google.com/webtoolkit/articles/using_gwt_for_json_mashups...
>> and
>> http://code.google.com/webtoolkit/articles/put_your_gwt_app_on_facebo...
>>
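Added example, not part of the thread and not GWT code: one way to re-validate on the server where the RPC call terminates, using only the JDK. The class name, method names, field formats and length limits are assumptions; the idea is to reject structured fields that fail an allow-list rather than scan for "<script>", and to HTML-encode free text when it is sent back to a client.

```java
import java.text.Normalizer;
import java.util.regex.Pattern;

/** Hypothetical helper, called from the server-side implementation of an RPC method. */
public final class RpcInputGuard {
    // Allow-list for a structured field (assumed format: a display name).
    private static final Pattern NAME = Pattern.compile("[\\p{L}\\p{N} ._'-]{1,64}");
    private static final int MAX_COMMENT = 2000; // assumed size limit

    /** Structured field: normalize, then accept only what the allow-list permits. */
    public static String requireName(String raw) {
        if (raw == null) throw new IllegalArgumentException("name missing");
        String s = Normalizer.normalize(raw, Normalizer.Form.NFKC).trim();
        if (!NAME.matcher(s).matches()) throw new IllegalArgumentException("name rejected");
        return s;
    }

    /** Free text: bound the size and drop control characters; encoding happens on output. */
    public static String requireComment(String raw) {
        if (raw == null || raw.length() > MAX_COMMENT)
            throw new IllegalArgumentException("comment rejected");
        return raw.replaceAll("[\\p{Cntrl}&&[^\\n\\t]]", "");
    }

    /** HTML-encode for element content or a quoted attribute value. */
    public static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs, as a re-posted RPC call could deliver them.
        String comment = requireComment("nice <script>x</script> post");
        System.out.println(escapeHtml(comment)); // markup arrives at the browser as text
        try {
            requireName("<script>x</script>");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The encoder covers HTML element and quoted-attribute contexts only; values placed into JavaScript, URLs or CSS need the encoding for that context.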
