Hi Simon,

Sorry, I don't know if there is anything on Trinidad that does that for you automatically, but you can check out the OWASP cheat sheet for XSS at [1]. Maybe this will help!

Regards,
Jakob

[1] http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet

2010/7/14 Simon Kulessa <[email protected]>

> Hello,
>
> I have written my own component to display messages inside a JSF page.
> The component is based on the tr:messages element.
> My implementation of the renderer uses the following code to write the
> message into the page.
>
> //ResponseWriter writer
> for(FacesMessage msg : messages) {
>
>     writer.startElement("li", null);
>
>     String summary = msg.getSummary();
>     // add something to prevent xss attacks here
>     writer.write(summary);
>
>     writer.endElement("li");
> }
>
> The bad thing is that msg.getSummary() can contain JavaScript code, which
> will be executed if the page is rendered. I need to add some
> kind of prevention against this behaviour.
>
> I assume that Trinidad offers some mechanisms to prevent
> these kinds of attacks. Can someone give me some hints?
>
>
> Best regards,
> Simon Kulessa.
> --
>
> Diplom Informatiker Simon Kulessa
>
> FlexSecure GmbH
> Industriestr. 12
> D - 64297 Darmstadt
> Tel: +49 (0) 6151 501 23-15
> Fax: +49 (0) 6151 501 23-19
> E-Mail: [email protected]
> Internet: www.flexsecure.de
>
> Managing Directors:
> Erwin Stallenberger, Markus Ruppert
>
> Amtsgericht Darmstadt HRB 8036
> VAT number: DE 214745269
>

--
Jakob Korherr

blog: http://www.jakobk.com
twitter: http://twitter.com/jakobkorherr
work: http://www.irian.at
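
An added example, not part of the original thread and not Trinidad code: a minimal HTML-entity escaper of the kind the OWASP cheat sheet describes for text placed in element content, applied to a stand-in for the renderer loop quoted above. The class and method names (`SafeMessageList`, `escapeHtml`, `renderList`) are hypothetical, and the sample summaries are constructed.

```java
import java.util.Arrays;
import java.util.List;

public class SafeMessageList {

    // Escapes the characters that are significant in HTML element content
    // and quoted attribute values, so the text cannot open a tag or entity.
    static String escapeHtml(String text) {
        if (text == null) {
            return "";   // FacesMessage.getSummary() may return null
        }
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Stand-in for the renderer loop: one <li> per summary, each escaped.
    static String renderList(List<String> summaries) {
        StringBuilder html = new StringBuilder("<ul>");
        for (String summary : summaries) {
            html.append("<li>").append(escapeHtml(summary)).append("</li>");
        }
        return html.append("</ul>").toString();
    }

    public static void main(String[] args) {
        // Constructed sample summaries, including one carrying markup.
        List<String> summaries = Arrays.asList(
            "Name is required",
            "Invalid value: <script>alert(1)</script>",
            "Use \"A\" & 'B'",
            null);
        System.out.println(renderList(summaries));
    }
}
```

Inside an actual JSF renderer, the standard `ResponseWriter.writeText(Object, String)` method applies the markup escaping itself, whereas `ResponseWriter.write(String)` emits the string unchanged.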

