We have a webservice which saves data and presents the same on the User interface for viewing the transactions. Now, my requirement is to validate all the input parameters in the web service request to make sure that vulnerable content is not shown on UI. I am looking for solutions to validate input params in the web service request, before it is saved to database.
Some of the solutions that I have are below:
Are there any API or jars which can be integrated with axis2 or java which takes care of validating the request params rather than doing it manually?
Please suggest what is the best way.
Thanks, Harika
As you mentioned approach 2 is the ideal one and you can use Apache Commons Lang library's StringEscapeUtils
which has methods escapeHtml
, escapeJavascript
and escapeXml
which can eliminate Front end code before saving it into the database.
This will prevent XSS but can not guarantee SQL Injection prevention.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.