You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Steve Jones <st...@ocado.com> on 2015/01/30 09:44:17 UTC

Shiro support for XSS

Hi Team

I've read in a few Google search results (for example,  here
<https://www.owasp.org/index.php/Java_Security_Frameworks>  ) that Shiro has
built-in support for protection against XSS, but I can't find any references
to it in the documentation or the source code. 

Can anyone explain how this is configured in Shiro, or provide a link to
some docs.

Thanks and regards
Steve Jones




--
View this message in context: http://shiro-user.582556.n2.nabble.com/Shiro-support-for-XSS-tp7580425.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Shiro support for XSS

Posted by scSynergy <ro...@scsynergy.de>.

Correct me if I am wrong, but Apache Shiro does *not* secure your web
application against XSS. Instead Apache Shiro itself is invulnerable to XSS
- meaning e. g. Javascript attacks targeting Shiro will not succeed.



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Shiro-support-for-XSS-tp7580425p7580426.html
Sent from the Shiro User mailing list archive at Nabble.com.