Check for a predefined pattern of characters in a filter, as you have suggested (probably read from XML), and forward to an error page if you find any.

-----Original Message-----
From: rapsy [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 14, 2007 3:50 PM
To: user@struts.apache.org
Subject: Cross site scripting issue

Hi All,

I am trying to find the best solution to prevent cross site scripting attacks. I wrote a method to filter out all the bad characters. But my question is: where should I call this method? At the form level, in the setter methods, at the action level, or in a filter? I think a filter is a good option but I am not sure how to implement that. Any help is appreciated!

Thanks

--
View this message in context: http://www.nabble.com/Cross-site-scripting-issue-tf3404408.html#a9482026
Sent from the Struts - User mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
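
The filter approach suggested in the reply at the top of this thread, written as a servlet filter. This is an added example, not code from either poster; the class name, the `rejectPattern` and `errorPage` init-param names, and the use of the `javax.servlet` API are assumptions.

```java
import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/*
 * Forwards to an error page when any request parameter value matches a
 * configured pattern. Hypothetical class; register it in web.xml with a
 * <filter>/<filter-mapping> pair and two <init-param> entries:
 *   rejectPattern - a regex such as [<>"'] (XML-escaped inside web.xml)
 *   errorPage     - context-relative path of the error page
 * Limits: only decoded query-string and form-encoded parameters are checked,
 * not headers, cookies or multipart bodies. Rejecting input does not replace
 * HTML-escaping values when they are written back into a page.
 */
public class ParameterPatternFilter implements Filter {
    private Pattern rejectPattern;
    private String errorPage;

    public void init(FilterConfig config) throws ServletException {
        String regex = config.getInitParameter("rejectPattern");
        errorPage = config.getInitParameter("errorPage");
        if (regex == null || errorPage == null) {
            // Fail at startup rather than run with no pattern configured.
            throw new ServletException("rejectPattern and errorPage init-params are required");
        }
        rejectPattern = Pattern.compile(regex);
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Each map value is a String[] because a parameter name can repeat.
        for (Object values : request.getParameterMap().values()) {
            for (String value : (String[]) values) {
                if (rejectPattern.matcher(value).find()) {
                    request.getRequestDispatcher(errorPage).forward(request, response);
                    return; // stop here: the action never sees the request
                }
            }
        }
        chain.doFilter(request, response);
    }

    public void destroy() {
    }
}
```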