Protect JSP pages against XSS

悲哀的现实 2021-02-11 05:57

I want to protect my website from XSS, and I want to ensure that all my data are correct and consistent, so I don't want to allow any scripts to be added to my DB, that's because m

3 answers
  • 2021-02-11 06:31

    http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

  • 2021-02-11 06:34

    Use some Filter to sanitize HTTP request data.

    You may go for jsoup, it is very handy:

    import org.jsoup.Jsoup;
    import org.jsoup.safety.Whitelist;

    String unsafe = "<p><a href='http://example.com/' onclick='stealCookies()'>Link</a></p>";
    String safe = Jsoup.clean(unsafe, Whitelist.basic());
    // now: <p><a href="http://example.com/" rel="nofollow">Link</a></p>
    

    Ref: http://jsoup.org/cookbook/cleaning-html/whitelist-sanitizer

  • 2021-02-11 06:38

    In short, you can write a filter which does proper escaping of user input (map it to the relevant URL mapping). There could be a readily available plugin to do this, but I am not aware of one.
    You can refer to this thread: XSS prevention in JSP/Servlet web application

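A filter of the kind the last two answers describe, as an added example that is not part of any answer on this page: it wraps each request so parameters pass through jsoup before application code reads them. The class names are hypothetical, and it assumes the javax.servlet API and jsoup 1.14.2 or later, where the answer's `Whitelist` class is named `Safelist`.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist;

// Hypothetical filter; map it to the URL patterns that accept user input,
// via <filter-mapping> in web.xml or @WebFilter("/*").
public class HtmlSanitizingFilter implements Filter {
    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        chain.doFilter(new CleanRequest((HttpServletRequest) req), res);
    }

    // Same policy as the jsoup answer: basic text tags stay, scripts and on* handlers go.
    static String clean(String value) {
        return value == null ? null : Jsoup.clean(value, Safelist.basic());
    }

    // Wrapper so that every parameter accessor returns cleaned values.
    static class CleanRequest extends HttpServletRequestWrapper {
        CleanRequest(HttpServletRequest request) { super(request); }
        @Override public String getParameter(String name) {
            return clean(super.getParameter(name));
        }

        @Override public String[] getParameterValues(String name) {
            String[] values = super.getParameterValues(name);
            return values == null ? null
                    : Arrays.stream(values).map(HtmlSanitizingFilter::clean).toArray(String[]::new);
        }

        @Override public Map<String, String[]> getParameterMap() {
            Map<String, String[]> cleaned = new HashMap<>();
            for (String name : super.getParameterMap().keySet()) {
                cleaned.put(name, getParameterValues(name));
            }
            return cleaned;
        }
    }
}
```

This covers request parameters only (not headers, cookies or multipart bodies), and because `Jsoup.clean` returns HTML, characters such as `&` in plain text come back entity-encoded. Values written out by the JSP still need output escaping, for example JSTL's `<c:out>`.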