You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomee.apache.org by sudhakarvm <su...@gmail.com> on 2019/02/04 08:03:43 UTC
Sanitizing the REST input payload
Hi,
We are using Jersey 2 and not overriding the default json serializer and
deserializer ie Jhonzon. So wanted to check whether Jhonzon escapes the
request payload (for avoiding Cross site scripting attacks - XSS) or do we
have to explicitly escape the input. If we have to escape our-self then can
you suggest the best fit escaping (in put sanitizing) API.
Thanks in advance,
Sudhakar
--
Sent from: http://tomee-openejb.979440.n4.nabble.com/TomEE-Users-f979441.html
Re: Sanitizing the REST input payload
Posted by Roberto Cortez <ra...@yahoo.com.INVALID>.
Hi Sudhakar,
What really makes a difference is the Object type and Content-Type returned by your API. If it is XML or JSON, it should be escaped by default.
Cheers,
Roberto
> On 4 Feb 2019, at 08:03, sudhakarvm <su...@gmail.com> wrote:
>
> Hi,
>
> We are using Jersey 2 and not overriding the default json serializer and
> deserializer ie Jhonzon. So wanted to check whether Jhonzon escapes the
> request payload (for avoiding Cross site scripting attacks - XSS) or do we
> have to explicitly escape the input. If we have to escape our-self then can
> you suggest the best fit escaping (in put sanitizing) API.
>
> Thanks in advance,
> Sudhakar
>
>
>
> --
> Sent from: http://tomee-openejb.979440.n4.nabble.com/TomEE-Users-f979441.html