Hello, I have a Click application and to safeguard the app from Cross Site Scripting we are stripping off all of the < and > request tags in our Filter. It works when the user enters something with these greater than or less than tags into the input fields of the page. But when we modify the URL itself with something like =</td>
We still get an alert on the page even though we see in our logs that the request goes through the filter and the tags get stripped off. But it looks like the JavaScript gets executed before we hit the filter. We have the same setup in the other Struts application and this doesn't happen. Any suggestions?

--
View this message in context: http://click.1134972.n2.nabble.com/Javascript-is-executed-before-the-Filter-Cross-site-scripting-tp7392633p7392633.html
Sent from the click-user mailing list archive at Nabble.com.
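A filter that only removes `<` and `>` does not cover every place a request value can land in a page. The sketch below is an added example, not code from the post or from Click; it compares that stripping with encoding at output time for a value reflected into a quoted attribute. The class name, method names, template and sample input are assumptions made for illustration.

```java
// Added example, not from the original post. All names here are hypothetical.
public class StripVsEncode {

    // What the post describes: remove every '<' and '>' from the request value.
    static String stripAngleBrackets(String s) {
        return s.replace("<", "").replace(">", "");
    }

    // Output encoding applied when the value is written into HTML
    // (element content or a quoted attribute value).
    static String encodeForHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical template: the value is reflected inside a quoted attribute.
    static String render(String value) {
        return "<input type=\"text\" name=\"q\" value=\"" + value + "\">";
    }

    public static void main(String[] args) {
        // Constructed sample input: it contains no '<' or '>' at all,
        // so the stripping filter passes it through unchanged.
        String param = "x\" onmouseover=\"alert(1)";

        String stripped = stripAngleBrackets(param);
        System.out.println("filter changed input: " + !stripped.equals(param));
        // The quote closes the attribute and a new event-handler attribute appears.
        System.out.println("stripped, unencoded : " + render(stripped));
        // Encoded at output, the quote stays inside the attribute value as &quot;.
        System.out.println("encoded on output   : " + render(encodeForHtml(param)));
    }
}
```

Comparing the rendered lines shows why the log can report a "clean" request while the markup sent to the browser still carries script: the check that matters is what the page writes out, in the context where it writes it.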
