Hi, We are using Jersey 2 and not overriding the default json serializer and deserializer ie Jhonzon. So wanted to check whether Jhonzon escapes the request payload (for avoiding Cross site scripting attacks - XSS) or do we have to explicitly escape the input. If we have to escape our-self then can you suggest the best fit escaping (in put sanitizing) API.
Thanks in advance, Sudhakar -- Sent from: http://tomee-openejb.979440.n4.nabble.com/TomEE-Users-f979441.html
