Prevent xss attack in Spring+Hibernate application
Question
I have spring + hibernate application.
I have a lot of fields values of which I store in database. At this fields user can type anything.
These values can be rendered on client side. Thus this script can be executed.
Is there way to handle this problem in single place or I should handle each situation separately ?
1 answers
solution1
0 2015-10-26 00:37:02
Take a look at https://stackoverflow.com/a/2148120/4204904 Basically you have to set in your web.xml
<context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
How to prevent from Cross Site Scripting (XSS) attack in Spring Boot application?
how to prevent XSS attack
In a simple Spring+Hibernate application,how to resolve “Unrecognized listener type”?
Environment-Specific Configuration of Spring+Hibernate application
Ways to prevent SQL Injection Attack & XSS in Java Web Application
ClassNotFoundException in spring+hibernate integration
spring+hibernate mapping class without xml
spring+hibernate set dont allow save
EJB+EclipseLink or Spring+Hibernate
Where and how handle spring+hibernate exceptions?
Related Tags