Petar Petrov
Reputation: 596
Bean:write filter doesn't work
I'm working on an application with Struts 1 and JSP. I have to write XSS protection. I have inputs like this one :
<input id="name" name="name" class="someClass" type="text"
value="<bean:write name="personForm" property="name"/>">
I read that for protection XSS attack i have to add attribute filter in bean:write and filter should be true. So my code looks like that now
<input id="name" name="name" class="someClass" type="text"
value="<bean:write name="personForm" property="name" filter="true"/>">
But still I'm able to submit scripts. Do you know why this might happen.
Upvotes: 1
Views: 560
Answers (1)
GUISSOUMA Issam
Reputation: 2582
bean:write is only for rendering purposes.The value passed to the server side is not get filtered.
Upvotes: 1
Related Questions
- Unable to set value from bean to JSP page
- how to use <bean:write > tag in strut 1.2?
- struts logic tag: only works with form bean parameters?
- Adding Struts2 Filters Causes Blank Page
- Struts how to insert bean:write in bean:message arguments
- how to combine html:text and bean:write
- Struts 1 bean tag inside HTML quotes
- Filters not working in Struts2
- Struts <bean:write> tags
- How to prevent XSS vulnerability with Struts