Hi, I am currently checking the web to find something about how to handle XSS attacks in my Struts2 application. Unfortunately I just cannot find anything.
I do not want to use HDIV (http://www.hdiv.org/) or the HDIV-Plugin (https://cwiki.apache.org/S2PLUGINS/home.html). What I thought of is an Interceptor that escapes the special characters of all parameters that are sent, i.e. by using StringEscapeUtils, which is included in commons-lang.jar (see http://www.mkyong.com/java/how-to-escape-special-characters-in-java/).

1. How would you manage such a requirement?
2. What are the Best Practices?
3. Would you use an Interceptor and, if yes, what would it look like?
4. What options do I have?
5. What are the pros and cons?

Thanks