There has been some input about this:
https://issues.apache.org/jira/browse/OFBIZ-260
http://jira.undersunconsulting.com/browse/OFBIZ-559
https://issues.apache.org/jira/browse/OFBIZ-1193
https://issues.apache.org/jira/browse/OFBIZ-1476
Peter Felts sent the following on 3/28/2008 3:29 PM:
> I'm creating my own application using Java services. What is the best way to
> filter out user input to avoid XSS and buffer-overruns (do you even need to
> worry about buffer-overruns in Java?), etc? For example, if the user inputs
> the string:
>
> alert('XSS vulnerability test');
>
> In a form, what is the best way to prevent this script from being executed
> (once the form data is passed to a service of course)? Is there some
> super-cool Java utility to validate HTML user input?