Jason Brittain (author of Tomcat: The Definitive Guide) has a ready-to-run filter/valve solution for that. You could talk to him on the #tomcat channel on IRC.

Besides, the best XSS prevention is, IMO, not filtering the input but the output. If you write everything out with <bean:write ... filter="true"> you'll be fine.

regards
Leon

On 3/14/07, rapsy <[EMAIL PROTECTED]> wrote:
Hi All,

I am trying to find the best solution to prevent cross-site scripting attacks. I wrote a method to filter out all the bad characters. But my question is: where should I call this method? At the form level, in the setter methods, at the action level, or in a filter? I think a filter is a good option, but I am not sure how to implement that. Any help is appreciated!

Thanks

--
View this message in context: http://www.nabble.com/Cross-site-scripting-issue-tf3404408.html#a9482026
Sent from the Struts - User mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
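The contrast between the two approaches discussed in this thread, as an added example that is not part of the original messages and is not Struts' own code: stripping "bad" characters on input versus escaping on output, which is what writing with <bean:write ... filter="true"> relies on. The class and method names (OutputEncodingDemo, escapeHtml, stripBadChars) and the sample inputs are constructed for illustration.

```java
public class OutputEncodingDemo {

    // Hypothetical helper written for this example: escape the five
    // characters that are significant in HTML text and in quoted
    // attribute values. The stored data itself is left untouched.
    static String escapeHtml(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // The input-side approach from the question: delete "bad" characters
    // before the value is stored. Legitimate data is altered as well.
    static String stripBadChars(String value) {
        return value == null ? "" : value.replaceAll("[<>\"'&]", "");
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one markup payload, two legitimate values.
        String[] inputs = {
            "<script>alert(1)</script>",
            "O'Brien & Sons",
            "if a < b then \"swap\""
        };
        for (String raw : inputs) {
            System.out.println("raw      : " + raw);
            // Input filtering changes what the user actually typed.
            System.out.println("stripped : " + stripBadChars(raw));
            // Output escaping keeps the data and renders it as inert text.
            System.out.println("escaped  : <td>" + escapeHtml(raw) + "</td>");
        }
    }
}
```

This escaping is correct for HTML element content and quoted attribute values only; values written into JavaScript, CSS or URL contexts need the encoding for that context.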