You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by Emi <em...@encs.concordia.ca> on 2018/02/28 16:55:09 UTC

About "Parameter Validation Filter"

Hello,

There is a topic about Parameter Validation Filter 
(TrimTextValidationRule, FailIfNotCanonicalizedValidationRule, 
FailIfContainsHTMLValidationRule) for servlet 
(https://www.owasp.org/index.php/Parameter_Validation_Filter).

I just want to know that struts2.5.14.1 already have these kinds of 
validation set by default and no need to add pvf.xml anymore, right?

Thanks a lot.

Re: About "Parameter Validation Filter"

Posted by Lukasz Lenart <lu...@apache.org>.

2018-02-28 17:55 GMT+01:00 Emi <em...@encs.concordia.ca>:
> Hello,
>
> There is a topic about Parameter Validation Filter (TrimTextValidationRule,
> FailIfNotCanonicalizedValidationRule, FailIfContainsHTMLValidationRule) for
> servlet (https://www.owasp.org/index.php/Parameter_Validation_Filter).
>
> I just want to know that struts2.5.14.1 already have these kinds of
> validation set by default and no need to add pvf.xml anymore, right?

No, I mean, Struts do not perform such validations automatically.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org