Hi!

There isn't any easy way to protect against XSS attacks and I don't
know of any Servlet containers that would offer you any solutions to
this. But there's a nice library called OWASP AntiSamy that you could
use to validate user input:

http://code.google.com/p/owaspantisamy/

If you don't want to use a ready-made library, do select white-listing
instead of black-listing when deciding what HTML tags are allowed for
users to input.

Cheers,

Kai


2008/6/19 Aaron Freeman <[EMAIL PROTECTED]>:
> Is there an easy way to sanitize input such that a user cannot inject
> javascript via user input fields, or does sanitation have to occur within
> each individual JSP that accepts user input?  This could be done either on
> the input side or on the output side I suppose.  Does anyone have experience
> with this that can share?
>
> Thanks,
>
> Aaron
>
>
>
> _______________________________________________
> resin-interest mailing list
> resin-interest@caucho.com
> http://maillist.caucho.com/mailman/listinfo/resin-interest
>


_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Reply via email to