Posted to user@ofbiz.apache.org by Peter Felts <pe...@yahoo.com> on 2008/03/29 00:29:10 UTC
XSS exploit countermeasure? Filtering user input
I'm creating my own application using Java services. What is the best way to filter out user input to avoid XSS and buffer-overruns (do you even need to worry about buffer-overruns in Java?), etc? For example, if the user inputs the string:
alert('XSS vulnerability test');
In a form, what is the best way to prevent this script from being executed (once the form data is passed to a service, of course)? Is there some super-cool Java utility to validate HTML user input?
Re: XSS exploit countermeasure? Filtering user input
Posted by BJ Freeman <bj...@free-man.net>.
There has been some input about this:
https://issues.apache.org/jira/browse/OFBIZ-260
http://jira.undersunconsulting.com/browse/OFBIZ-559
https://issues.apache.org/jira/browse/OFBIZ-1193
https://issues.apache.org/jira/browse/OFBIZ-1476
Peter Felts sent the following on 3/28/2008 3:29 PM:
> I'm creating my own application using Java services. What is the best way to filter out user input to avoid XSS and buffer-overruns (do you even need to worry about buffer-overruns in Java?), etc? For example, if the user inputs the string:
>
> alert('XSS vulnerability test');
>
> In a form, what is the best way to prevent this script from being executed (once the form data is passed to a service, of course)? Is there some super-cool Java utility to validate HTML user input?