Re: Prevent script-injection attacks from user's input

2020-10-26 Thread Maxim Solodovnik
You can completely disable inline scripts using strict CSP.
And of course it is you who outputs the script entered to the page :)
If it is done via Label just remove 'setEscapeModelStrings(false)'

If you need to accept and display HTML input, you can 'sanitize' form value

from mobile (sorry for typos ;)


On Tue, Oct 27, 2020, 07:34 Arunachalam Sibisakkaravarthi <
arunacha...@mcruncher.com> wrote:

> Hi guys,
> A JS script alert is displayed when a user inputs alert('xss
> attacks') and submits the form. How to handle this? Basically I
> want to prevent Cross-Site-Scripting from user inputs.
> Is it possible to do this globally since our Wicket Webapp is big?
> I found the below post which was discussed in 2010.
> Preventing-user-input-script-injection-attacks
> <http://apache-wicket.1842946.n4.nabble.com/Preventing-user-input-script-injection-attacks-td3059119.html>
>
>
>
> *Thanks And Regards*
> *Sibi.Arunachalam*
> *mCruncher*
>
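
The three options named in the reply above (default Label escaping, sanitizing when HTML must be shown, and a strict CSP), put together as an added example that is not code from the thread or from the Wicket project. It assumes Wicket 9 or later for `getCspSettings()` and the OWASP Java HTML Sanitizer as the sanitizing library (the thread names none); `CommentPage`, `MyApplication` and the component ids are hypothetical.

```java
// Added example: assumes Wicket 9+ and the OWASP Java HTML Sanitizer on the classpath.
// CommentPage, MyApplication and the component ids are hypothetical names.
import org.apache.wicket.Page;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.markup.html.form.Form;
import org.apache.wicket.markup.html.form.TextArea;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.Model;
import org.apache.wicket.protocol.http.WebApplication;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;

public class CommentPage extends WebPage {
    // Allow-list policy: basic formatting tags and links; script tags and event handlers are dropped.
    private static final PolicyFactory POLICY = Sanitizers.FORMATTING.and(Sanitizers.LINKS);

    private final IModel<String> input = Model.of("");

    public CommentPage() {
        Form<Void> form = new Form<>("form");
        form.add(new TextArea<>("comment", input));
        add(form);

        // Case 1: plain text. Label escapes markup by default, so submitted tags render as text.
        add(new Label("plain", input));

        // Case 2: HTML has to be displayed. Escaping is switched off, so the model
        // passes the value through the allow-list on every read.
        IModel<String> safeHtml = () -> {
            String raw = input.getObject();
            return raw == null ? "" : POLICY.sanitize(raw);
        };
        add(new Label("rich", safeHtml).setEscapeModelStrings(false));
    }
}

class MyApplication extends WebApplication {
    @Override
    public Class<? extends Page> getHomePage() { return CommentPage.class; }

    @Override
    protected void init() {
        super.init();
        // Application-wide strict CSP preset: inline scripts without the response nonce are blocked.
        getCspSettings().blocking().strict();
    }
}
```

For an existing large application, searching the code base for `setEscapeModelStrings(false)` gives the list of components that need the second treatment.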


Prevent script-injection attacks from user's input

2020-10-26 Thread Arunachalam Sibisakkaravarthi
Hi guys,
A JS script alert is displayed when a user inputs alert('xss
attacks') and submits the form. How to handle this? Basically I
want to prevent Cross-Site-Scripting from user inputs.
Is it possible to do this globally since our Wicket Webapp is big?
I found the below post which was discussed in 2010.
Preventing-user-input-script-injection-attacks




*Thanks And Regards*
*Sibi.Arunachalam*
*mCruncher*