On 7/18/05, Laurie Harper <[EMAIL PROTECTED]> wrote:
> Frank W. Zammetti wrote:
>
> > Not a problem...
> >
> > http://javawebparts.sourceforge.net/javadocs/index.html
> >
> > In the javawebparts.filter package, you should see the
> > CrossSiteScriptingFilter.
> >
> > This will filter any incoming parameters, and optionally attributes (good
> > for if you're forwarding somewhere) for a list of characters (you can alter
> > what it looks for via regex).
>
> Ah, I initially skipped that package, thinking a servlet filter wasn't
> really what I was after. Browsing through the code, it seems I was right.
>

While the code in question here might not help you, the concept of a
Filter still can. You can use Filters to monitor (and potentially
modify) the output stream by providing a wrapper around the
HttpServletResponse that the container hands you, with custom
implementations of getOutputStream() and getWriter() that send their
output to a buffer instead of directly back to the client. Then, when
the client returns, you can postprocess the buffer and weed out
anything you think is dangerous.

I think there's a sample filter to do GZIP compression in the Tomcat
releases, which you could use as a model of the overall architecture.

Crag
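
The buffering-wrapper architecture described in the message above, as an added example that is not part of the original thread and is not Java Web Parts or Tomcat code. It assumes the javax.servlet API on the classpath; the class name OutputScrubFilter and the script-stripping pattern are hypothetical placeholders for whatever post-processing policy is chosen, and the sketch is narrowed to getWriter() output.

```java
import java.io.CharArrayWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

/** Hypothetical filter (name is an assumption): buffer the response, post-process it, then send it. */
public class OutputScrubFilter implements Filter {

    // Constructed placeholder policy: drop whole <script> elements from the buffered page.
    private static final Pattern SCRIPT =
        Pattern.compile("<script\\b.*?</script\\s*>", Pattern.CASE_INSENSITIVE | Pattern.DOTALL);

    /** Response wrapper whose getWriter() fills an in-memory buffer instead of reaching the client. */
    static class BufferedResponse extends HttpServletResponseWrapper {
        private final CharArrayWriter buffer = new CharArrayWriter();
        private final PrintWriter writer = new PrintWriter(buffer);

        BufferedResponse(HttpServletResponse response) { super(response); }

        @Override public PrintWriter getWriter() { return writer; }

        // Fail closed: unbuffered byte output would bypass the post-processing step.
        @Override public ServletOutputStream getOutputStream() {
            throw new IllegalStateException("only getWriter() output is buffered here");
        }

        // The body length changes after scrubbing, so do not forward the servlet's value.
        @Override public void setContentLength(int len) { }

        String body() { writer.flush(); return buffer.toString(); }
    }

    public void init(FilterConfig config) { }
    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        BufferedResponse wrapped = new BufferedResponse((HttpServletResponse) res);
        chain.doFilter(req, wrapped);        // downstream servlet/JSP writes into the buffer
        String scrubbed = SCRIPT.matcher(wrapped.body()).replaceAll("");
        PrintWriter out = res.getWriter();   // the real writer, not the wrapper's
        out.write(scrubbed);
        out.flush();
    }
}
```

Supporting binary responses would mean giving getOutputStream() the same buffering treatment with a ServletOutputStream subclass backed by a ByteArrayOutputStream.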