An interceptor seems like a reasonable solution. Why don't you want to use HDIV?
Dave

On Fri, Oct 1, 2010 at 3:15 AM, Pars Man <parsmani...@yahoo.de> wrote:
> Hi,
>
> I am currently checking the web to find something about how to handle XSS
> attacks in my Struts2 application.
> Unfortunately I just cannot find anything.
>
> I do not want to use HDIV (http://www.hdiv.org/) or the HDIV-Plugin
> (https://cwiki.apache.org/S2PLUGINS/home.html).
>
> What I thought of is an Interceptor that escapes the special characters of
> all parameters that are sent, i.e. by using StringEscapeUtils which is
> included in commons-lang.jar
> (see http://www.mkyong.com/java/how-to-escape-special-characters-in-java/).
>
> 1. How would you manage such a requirement?
> 2. What are the Best Practices?
> 3. Would you use an Interceptor and if yes what would it look like?
> 4. What options do I have?
> 5. What are the pros and cons?
>
> Thanks
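
Added example, not part of the original thread and not code from either poster or from the Struts project: a sketch of the kind of interceptor the question describes, escaping every request parameter with `StringEscapeUtils` from commons-lang 2.x before the action sees it. The class name `HtmlEscapeInterceptor` is hypothetical, and the code assumes the Struts 2.1 to 2.3 API, where `ActionContext.getParameters()` returns a mutable `Map<String, Object>` whose values are normally `String[]`.

```java
import java.util.Map;

import org.apache.commons.lang.StringEscapeUtils;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/**
 * Hypothetical interceptor (illustration only): HTML-escapes all request
 * parameters. It must be declared in struts.xml and placed ahead of the
 * "params" interceptor in the stack, otherwise the raw values have already
 * been copied onto the action.
 */
public class HtmlEscapeInterceptor extends AbstractInterceptor {

    private static final long serialVersionUID = 1L;

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        // Assumption: Struts 2.1-2.3, where this map is mutable.
        Map<String, Object> params =
                invocation.getInvocationContext().getParameters();

        if (params != null) {
            for (Map.Entry<String, Object> entry : params.entrySet()) {
                Object value = entry.getValue();
                if (value instanceof String[]) {
                    // Usual case: one array per parameter name.
                    String[] raw = (String[]) value;
                    String[] escaped = new String[raw.length];
                    for (int i = 0; i < raw.length; i++) {
                        // escapeHtml(null) returns null, so no null check needed.
                        escaped[i] = StringEscapeUtils.escapeHtml(raw[i]);
                    }
                    entry.setValue(escaped);
                } else if (value instanceof String) {
                    entry.setValue(StringEscapeUtils.escapeHtml((String) value));
                }
                // Other value types (e.g. uploaded files) are left untouched.
            }
        }
        // Continue with the rest of the stack and the action itself.
        return invocation.invoke();
    }
}
```

Escaping on input this way covers HTML element content only: `escapeHtml` in commons-lang 2.x leaves the apostrophe alone, and values later written into JavaScript, URLs or single-quoted attributes still need encoding for that context at output time. The escaped form is also what the action stores, so tags that escape on output by default, such as `<s:property>`, will render it double-encoded.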