Shritam Bhowmick
Reputation: 317
Protection against Cross site scripting on specific JSP and Servlet code
Here are the servelet cum JSP code, let me know how we could protect them from XSS?
Servlet Code:
String strRequestScrip = SecurityCheck.getStringParameter(request,PARAM_SCRIP_CODE);
List arrScripLocator = MarketWatchUtils.getEqScripLocator(strRequestScrip, strExchangeCode, application);
request.setAttribute("arrScripLocator", arrScripLocator);
request.getRequestDispatcher("/ajax/ajaxScripLocator.jsp").forward(request, response);
Jsp Code:
final List arrScripLocator = (List) request.getAttribute("arrScripLocator");
int intScripLocatorSize = arrScripLocator != null ? arrScripLocator.size() : 0;
intScripLocatorSize = intScripLocatorSize <= 20 ? intScripLocatorSize : 20;
out.print(intScripLocatorSize);
Upvotes: 1
Views: 553
Answers (1)
fgpr0x
Reputation: 111
You should use Jsoup to sanitize the request. The code will look like this:
String unsafe ="<p><a href='http://example.com/' onclick='stealCookies()'>Link</a></p>";
String safe = Jsoup.clean(unsafe, Whitelist.basic());
// now: <p><a href="http://example.com/" rel="nofollow">Link</a></p>
I recommend you also read the OWASP XSS Filter Evasion Sheet.
Upvotes: 1
Related Questions
- XSS prevention in JSP/Servlet web application
- How to prevent from Cross Site Scripting (XSS) attack in Spring Boot application?
- Prevent XSS/Cross site scripting vulnerability - request.getParameter() in JSP
- Prevent cross-site scripting from url
- prevent XSS attacks In JSPs
- How to prevent cross-site scripting using javascript
- XSS Cross Site Scripting - on JSP input tag
- how to prevent XSS attack
- XSS attacks in jsp
- protect jsp pages againt xss