I was wondering what the best approach would be for taking form data
passed to an Action and removing 'special characters' from the data.
I am having issues with users pasting text from word docs etc. We
only support ISO-8859-1 as of now and there are some characters that
Word will replace such
This is a good approach. In fact, you might start with the params
interceptor - as it is responsible for assigning data to the action, and
all that is needed is to sanitize before assignment.
/Ian
Richard Sayre wrote:
I was wondering what the best approach would be for taking form data
You could just override the string conversion in xwork:
http://struts.apache.org/2.x/docs/type-conversion.html
define something like this in xwork-conversion.properties
java.lang.String=org.example.MyConverter
Then create a class MyConverter that extends the XWorkBasicConverter and
override
I'd be more inclined towards a filter here, preferably close to the top
of the chain... my thought is it's better to deal with things like that
as soon as possible because there's less chance of something exploitable
down the pipe. We have a cross-site scripting filter in our standard
4 matches
Mail list logo
