I have been thinking about protecting an app from SQL injection and XSS attacks but currently know very little about this area of security. I started out using the Http Data Integrity Validation Framework (HDIV) but found it was a little too secure in that it broke bookmarks and the back button, and attempted to grab every exception and claim it was an attack; I have now removed it. I have the following questions:
1) If a user enters some kind of attack into a form field, does Struts provide any defense against this?

2) If not, should I be checking the input for double quotes, single quotes, HTML close tags etc. and escaping/encoding them, or is there a better way?

--
View this message in context: http://www.nabble.com/Does-struts2-sanatise-the-input-from-forms--tp21528467p21528467.html
Sent from the Struts - User mailing list archive at Nabble.com.
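The second question, illustrated with an added example that is not from the original post or from Struts itself. It uses Python's standard-library sqlite3 module because the point is language-independent; the constructed users table stands in for the app's database, and the hypothetical escape_quotes function stands in for the input-checking the question proposes. In a Struts/JDBC action the parameterized form is java.sql.PreparedStatement, and the output-encoding step is whatever the view layer uses to HTML-escape values.

```python
import html
import sqlite3


def make_db():
    # Constructed in-memory table standing in for the app's database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, "alice", "alice@example.com"),
        (2, "O'Brien", "obrien@example.com"),
    ])
    return conn


def escape_quotes(value):
    # Hypothetical hand-rolled "escape single quotes" check, as proposed in
    # the question.
    return value.replace("'", "''")


def find_by_name_escaped(conn, name):
    # String-building with manual escaping: survives a name like O'Brien,
    # but only because this value sits inside a quoted string literal.
    sql = "SELECT id FROM users WHERE name = '" + escape_quotes(name) + "'"
    return [row[0] for row in conn.execute(sql)]


def find_by_id_escaped(conn, user_id):
    # The same escaping applied to a numeric column: there are no quotes
    # to escape, so whatever the user typed is still parsed as SQL.
    sql = "SELECT id FROM users WHERE id = " + escape_quotes(user_id)
    return [row[0] for row in conn.execute(sql)]


def find_by_id_param(conn, user_id):
    # Parameterized query: the driver sends the value separately from the
    # statement text, so the input can never change the query structure.
    rows = conn.execute("SELECT id FROM users WHERE id = ?", (user_id,))
    return [row[0] for row in rows]


def render_name(name):
    # XSS is an output problem: encode at the point the value is written
    # into HTML rather than mangling the stored input.
    return "<td>" + html.escape(name, quote=True) + "</td>"
```

Running the constructed input "1 OR 1=1" through find_by_id_escaped returns every row, while find_by_id_param returns nothing for it, which is why parameterized queries rather than quote-checking are the standard answer to the second question.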