user2506173

Reputation: 4029

Java Regex for protecting against XSS

I want to use Java regex to check whether there is a <script/> in my URL. I want to match if characters of the URL occur in ['"&<>\/], but for Java the regex is a little different, and I do not know how to write the correct regex to match. Can someone help me?

Upvotes: 1

Views: 1674

Answers (2)

Abdullah Jibaly

Reputation: 54810

How are you displaying the query string parameter? If you are doing this in a JSP file you can simply use the <c:out> tag to escape it:

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<c:out value="${param.myUnsafeParam}" />

Upvotes: 0

Jonathan Henson

Reputation: 8206

Never do HTML encoding/decoding/validation yourself. If you ever encounter code that is manually validating HTML, XML, etc., it is a bug. Always use a library that is well used and peer reviewed for these sorts of tasks. Don't be a cowboy coder and think you can do it well; it is much harder to get right than you might think. The OWASP site has everything you need to know about how to do this in Java.

Upvotes: 2
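The two answers together, as an added example that is not code from either poster: the asker's character class written as a Java string literal (the double quote is escaped for the literal and '/' needs no backslash inside a Java character class), used only to flag a parameter, next to the recommended fix, encoding the value for the HTML context on output the way <c:out> does. It assumes the OWASP Java Encoder library (artifact org.owasp.encoder:encoder) is on the classpath.

```java
import java.util.regex.Pattern;
import org.owasp.encoder.Encode; // assumption: org.owasp.encoder:encoder on the classpath

public class XssParamHandling {

    // The character class from the question as a Java regex. In a Java string
    // literal the double quote must be escaped; the slash needs no escaping.
    private static final Pattern HTML_SPECIALS = Pattern.compile("['\"&<>/]");

    // Detection only: reports whether the value contains any listed character.
    // Rejecting or logging on this does not make the value safe to print.
    public static boolean containsHtmlSpecials(String value) {
        return value != null && HTML_SPECIALS.matcher(value).find();
    }

    // Recommended approach from the answers: escape on output, for the context
    // the value lands in (here an HTML element body), using a reviewed library.
    public static String renderInHtmlBody(String param) {
        return "<p>" + Encode.forHtml(param) + "</p>";
    }

    public static void main(String[] args) {
        // Constructed sample parameter values, not taken from the question.
        String[] samples = { "hello", "O'Reilly & Sons", "<b>bold</b>" };
        for (String s : samples) {
            System.out.println(s + " | flagged: " + containsHtmlSpecials(s)
                    + " | rendered: " + renderInHtmlBody(s));
        }
    }
}
```

The regex is kept only as a signal for logging or monitoring; a legitimate value such as "O'Reilly & Sons" trips it, which is why the answers steer toward output encoding rather than filtering.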
