Posted to user@wink.apache.org by Brian Laskey <br...@gmail.com> on 2014/09/26 18:34:42 UTC

Strategy for security in Wink REST Server based applications?

I was trying to determine this from the documentation, but had a question
around how some aspects of security are handled by Wink or not for REST
server applications.

Mostly around cross-site scripting type attacks, but if there are any
thoughts around other kinds of scenarios.

Starting with cross-site scripting, since various user inputs can be sent
to the server as query parameters or in the request body, does the Wink servlet
itself handle either encoding / escaping of inputs, or escaping the
output in case of Exceptions being thrown by the server? Or is it up to the
implementation for each Resource to properly sanitize inputs and responses,
especially in case of error messages?


Thanks,
Brian