> Hello,
> We are using Struts 2.3.16.3 for our application. Due to security
> reasons, we need to "clean" the user's input in order to avoid XSS. We are
> using JSoup for that, with success
> (http://jsoup.org/cookbook/cleaning-html/whitelist-sanitizer).
>
> The issue is that we haven't found a really good way to integrate it with
> Struts. Basically we need to pass every String parameter through JSoup to
> sanitize it, and right now we are doing it manually on the execute method of
> the action, after the parameters have been loaded in the action and
> validated. We would like to do it automatically when the parameters are set
> in the action. In the normal actions we can do it in the getter, but some
> actions have java beans for parameters, and we don't want to integrate the
> Jsoup call in the bean methods. Any suggestions about how to do this?
>
> Thanks
>
> JL

One approach could be to wrap it in a custom validator. This blog seems to be a good sample:
http://www.programmingforfuture.com/2012/09/struts2-writing-custom-validator.html

Regards,
Christoph
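
A sketch of the custom-validator approach suggested above, added here as an example and not code from the thread or from the linked blog post. It rejects input that contains markup outside a JSoup whitelist instead of rewriting it. The package, class name and the `policy` parameter are hypothetical.

```java
package example.validation; // hypothetical package

import com.opensymphony.xwork2.validator.ValidationException;
import com.opensymphony.xwork2.validator.validators.FieldValidatorSupport;
import org.jsoup.Jsoup;
import org.jsoup.safety.Whitelist; // named Safelist in newer jsoup releases

/**
 * Field validator that fails when a String field contains HTML that the
 * selected JSoup whitelist would not let through unchanged.
 */
public class JsoupSafeHtmlValidator extends FieldValidatorSupport {

    // Hypothetical parameter: "none" (default), "basic" or "relaxed".
    private String policy = "none";

    public void setPolicy(String policy) { this.policy = policy; }
    public String getPolicy() { return policy; }

    private Whitelist whitelist() {
        if ("basic".equals(policy)) return Whitelist.basic();
        if ("relaxed".equals(policy)) return Whitelist.relaxed();
        return Whitelist.none(); // strictest choice: no tags allowed at all
    }

    @Override
    public void validate(Object object) throws ValidationException {
        String fieldName = getFieldName();
        // Resolved through the value stack, so nested names such as
        // "bean.comment" work without touching the bean's own methods.
        Object value = getFieldValue(fieldName, object);
        if (!(value instanceof String)) {
            return; // null and non-String fields are left to other validators
        }
        if (!Jsoup.isValid((String) value, whitelist())) {
            addFieldError(fieldName, object); // uses the configured <message>
        }
    }
}
```

Like any custom Struts 2 validator, the class has to be registered under a name in a `validators.xml` on the classpath before it can be used as a field-validator type. Output encoding in the views is still needed, since this only checks what arrives through validated fields.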