There isn't any easy way to protect against XSS attacks and I don't
know of any Servlet containers that would offer you any solutions to
this. But there's a nice library called OWASP AntiSamy that you could
use to validate user input:
If you don't want to use a ready-made library, do select white-listing
instead of black-listing when deciding what HTML tags are allowed for
users to input.
2008/6/19 Aaron Freeman <[EMAIL PROTECTED]>:
> Is there an easy way to sanitize input such that a user cannot inject
> each individual JSP that accepts user input? This could be done either on
> the input side or on the output side I suppose. Does anyone have experience
> with this that can share?
> resin-interest mailing list
resin-interest mailing list