Hi,

I guess you can validate whatever you want by providing your own
ActionBeanPropertyBinder :
net.sourceforge.stripes.controller.ActionBeanPropertyBinder

I think it can be done very easily by overriding a single method in there,
maybe :
net.sourceforge.stripes.controller.DefaultActionBeanPropertyBinder#bind(net.sourceforge.stripes.action.ActionBean,
java.lang.String, java.lang.Object)

If the value is a String, then check for XSS, and sanitize the String
before setting the bean prop if needed.

When you output anything in JSP, you should be safe using JSTL's <c:out> :
it escapes XML by default.

Cheers

Rémi


2014-10-14 22:53 GMT+02:00 Adam Stokar <ajsto...@gmail.com>:

> Hi everyone,
>
> Does Stripes have an easy way to remove HTML from user input to prevent
> XSS attacks?  I've googled with no success.
>
> Thanks,
>
>
> _______________________________________________
> Stripes-users mailing list
> Stripes-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/stripes-users
>
>
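The override suggested in the reply above, as an added example (not code from the thread or from the Stripes project). The package and class name are hypothetical, and it assumes jsoup is on the classpath to do the actual HTML stripping.

```java
package com.example.web; // hypothetical package

import net.sourceforge.stripes.action.ActionBean;
import net.sourceforge.stripes.controller.DefaultActionBeanPropertyBinder;
import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist; // older jsoup releases name this class Whitelist

/**
 * Strips HTML markup from String values before they are set on the ActionBean.
 * Register it through the StripesFilter init-param ActionBeanPropertyBinder.Class
 * or by placing it in a package listed under Extension.Packages.
 */
public class HtmlStrippingPropertyBinder extends DefaultActionBeanPropertyBinder {

    @Override
    protected void bind(ActionBean bean, String propertyName, Object propertyValue)
            throws Exception {
        // Clean the already type-converted value, then let Stripes set the property.
        super.bind(bean, propertyName, clean(propertyValue));
    }

    /**
     * Cleans String and String[] values. Other types (numbers, dates, and also
     * collections of strings) pass through unchanged in this example.
     */
    static Object clean(Object value) {
        if (value instanceof String) {
            return stripHtml((String) value);
        }
        if (value instanceof String[]) {
            String[] in = (String[]) value;
            String[] out = new String[in.length];
            for (int i = 0; i < in.length; i++) {
                out[i] = in[i] == null ? null : stripHtml(in[i]);
            }
            return out;
        }
        return value;
    }

    static String stripHtml(String input) {
        // Safelist.none() permits no elements: tags are dropped, text nodes are kept.
        return Jsoup.clean(input, Safelist.none());
    }
}
```

Jsoup.clean returns HTML text, so characters such as & come back entity-encoded. The values still need output escaping with <c:out> wherever they are rendered, because a binder only covers data that arrives through Stripes property binding.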