You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Emi <em...@encs.concordia.ca> on 2018/02/28 16:55:09 UTC
About "Parameter Validation Filter"
Hello,
There is a topic about Parameter Validation Filter
(TrimTextValidationRule, FailIfNotCanonicalizedValidationRule,
FailIfContainsHTMLValidationRule) for servlet
(https://www.owasp.org/index.php/Parameter_Validation_Filter).
I just want to know that struts2.5.14.1 already have these kinds of
validation set by default and no need to add pvf.xml anymore, right?
Thanks a lot.
Re: About "Parameter Validation Filter"
Posted by Lukasz Lenart <lu...@apache.org>.
2018-02-28 17:55 GMT+01:00 Emi <em...@encs.concordia.ca>:
> Hello,
>
> There is a topic about Parameter Validation Filter (TrimTextValidationRule,
> FailIfNotCanonicalizedValidationRule, FailIfContainsHTMLValidationRule) for
> servlet (https://www.owasp.org/index.php/Parameter_Validation_Filter).
>
> I just want to know that struts2.5.14.1 already have these kinds of
> validation set by default and no need to add pvf.xml anymore, right?
No, I mean, Struts do not perform such validations automatically.
Regards
--
Ćukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org