Posted to user@ofbiz.apache.org by Peter Felts <pe...@yahoo.com> on 2008/03/29 00:29:10 UTC

XSS exploit countermeasure? Filtering user input

I'm creating my own application using Java services. What is the best way to filter out user input to avoid XSS and buffer overruns (do you even need to worry about buffer overruns in Java?), etc.? For example, if the user inputs the string:

alert('XSS vulnerability test');

in a form, what is the best way to prevent this script from being executed (once the form data is passed to a service, of course)? Is there some super-cool Java utility to validate HTML user input?

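The usual countermeasure for the case asked about above is to treat the submitted string as data and encode it for the HTML context it is written into, rather than trying to recognise "bad" input. The following is an added example written for this thread, not OFBiz code; the class name `HtmlEscaper` and the sample input are constructed, and the input wraps the thread's own string in a script tag to show what the encoder does to it.

```java
// Context-aware HTML escaping for untrusted input written into an element
// body or a double-quoted attribute value. Added example for this thread,
// not OFBiz project code.
public final class HtmlEscaper {

    private HtmlEscaper() {}

    /**
     * Replaces the characters that can change HTML structure with entity
     * references. Safe for element text and for double-quoted attribute
     * values; it is NOT sufficient for a JavaScript, URL or CSS context,
     * which each need their own encoder.
     */
    public static String escapeHtml(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break; // &apos; is not HTML 4
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input: the thread's payload wrapped in a script
        // tag, as it might arrive from a form field.
        String untrusted = "<script>alert('XSS vulnerability test');</script>";
        String escaped = escapeHtml(untrusted);

        // Element body: the browser renders the text and never sees a tag.
        System.out.println("<p>" + escaped + "</p>");
        // Quoted attribute: the escaped quotes cannot terminate the value.
        System.out.println("<input type=\"text\" value=\"" + escaped + "\">");
    }
}
```

In production code a maintained library such as the OWASP Java Encoder is preferable to a hand-written escaper, because it also covers the JavaScript, URL and CSS contexts that this one deliberately does not.
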
Re: XSS exploit countermeasure? Filtering user input

Posted by BJ Freeman <bj...@free-man.net>.
There has been some input about this:
https://issues.apache.org/jira/browse/OFBIZ-260
http://jira.undersunconsulting.com/browse/OFBIZ-559
https://issues.apache.org/jira/browse/OFBIZ-1193
https://issues.apache.org/jira/browse/OFBIZ-1476

Peter Felts sent the following on 3/28/2008 3:29 PM:
> I'm creating my own application using Java services. What is the best way to filter out user input to avoid XSS and buffer overruns (do you even need to worry about buffer overruns in Java?), etc.? For example, if the user inputs the string:
> 
> alert('XSS vulnerability test');
> 
> in a form, what is the best way to prevent this script from being executed (once the form data is passed to a service, of course)? Is there some super-cool Java utility to validate HTML user input?