Posted to users@tapestry.apache.org by Jordan Redner <jr...@shopping.com> on 2005/02/24 22:58:15 UTC
Form field scrubbing
Does anyone know of an elegant way to intercept form input fields for
XSS (cross site scripting) attacks in a single place within a Tapestry
application?
So... if I have a simple method that does the String scrubbing for
malicious characters, it would be nice to put this in place for all String
fields and be able to handle these cases with a single, handling
implementation.
Jordan
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: Form field scrubbing
Posted by Howard Lewis Ship <hl...@gmail.com>.
If you don't use <@Insert raw="true"> then people's malicious uploaded
<script>malicious</script> will be rendered out as
&lt;script&gt;malicious&lt;/&gt; ... is that the kind of thing you are
concerned about?
I suppose an IValidator could identify and/or scrub input as well.
On Thu, 24 Feb 2005 13:58:15 -0800, Jordan Redner <jr...@shopping.com> wrote:
> Does anyone know of an elegant way to intercept form input fields for
> XSS (cross site scripting) attacks in a single place within a Tapestry
> application?
>
> So... if I have a simple method that does the String scrubbing for
> malicious characters, it would be nice to put this in place for all String
> fields and be able to handle these cases with a single, handling
> implementation.
>
> Jordan
--
Howard M. Lewis Ship
Independent J2EE / Open-Source Java Consultant
Creator, Jakarta Tapestry
Creator, Jakarta HiveMind
Professional Tapestry training, mentoring, support
and project work. http://howardlewisship.com