XSS exploit countermeasure? Filtering user input


XSS exploit countermeasure? Filtering user input

Peter Felts
I'm creating my own application using Java services. What is the best way to filter out user input to avoid XSS and buffer-overruns (do you even need to worry about buffer-overruns in Java?), etc.? For example, if the user inputs the string:

alert('XSS vulnerability test');

in a form, what is the best way to prevent this script from being executed (once the form data is passed to a service, of course)? Is there some super-cool Java utility to validate HTML user input?
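Added example, not code from this thread or from OFBiz: escaping untrusted input at the point where it is written into an HTML page, which is what makes a payload like the one quoted above render as inert text. The class and method names are my own, and the `PLAIN_NAME` allow-list is an assumption about what a structured field such as a username should accept.

```java
import java.util.regex.Pattern;

/**
 * Added example (not from the thread): output encoding for HTML, the usual
 * XSS defence. Untrusted input is stored as-is and escaped at the moment it
 * is written into an HTML page, so the browser parses it as text, not markup.
 * Only the HTML text and quoted-attribute contexts are covered here; values
 * placed inside JavaScript, CSS or URLs need their own context encoders.
 */
public final class HtmlEncoder {

    /** Allow-list for fields that should never contain markup at all (assumed policy). */
    private static final Pattern PLAIN_NAME = Pattern.compile("[A-Za-z0-9_.-]{1,64}");

    /** Escape text for an HTML element body or a double-quoted attribute value. */
    public static String escapeHtml(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break; // &apos; is not valid in HTML 4
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Validation for structured fields: reject bad input rather than trying to clean it. */
    public static boolean isPlainName(String input) {
        return input != null && PLAIN_NAME.matcher(input).matches();
    }

    public static void main(String[] args) {
        // Constructed sample input, modelled on the payload quoted in the question.
        String userInput = "<script>alert('XSS vulnerability test');</script>";

        // Rendered into an element body: the tags become literal text.
        System.out.println("<p>Comment: " + escapeHtml(userInput) + "</p>");

        // Rendered into an attribute: the escaped quote cannot end the value early.
        System.out.println("<input value=\"" + escapeHtml("\" title=\"injected") + "\">");

        // A username field is validated instead of escaped.
        System.out.println(isPlainName("peter.felts") + " " + isPlainName(userInput));
    }
}
```

Buffer overruns in the C sense do not apply here: Java checks array and string bounds at runtime, so the remaining risk from oversized input is resource exhaustion, which a length limit like the one in `PLAIN_NAME` addresses.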


Re: XSS exploit countermeasure? Filtering user input

BJ Freeman
There has been some input about this:
https://issues.apache.org/jira/browse/OFBIZ-260
http://jira.undersunconsulting.com/browse/OFBIZ-559
https://issues.apache.org/jira/browse/OFBIZ-1193
https://issues.apache.org/jira/browse/OFBIZ-1476

Peter Felts sent the following on 3/28/2008 3:29 PM:

> I'm creating my own application using Java services. What is the best way to filter out user input to avoid XSS and buffer-overruns (do you even need to worry about buffer-overruns in Java?), etc.? For example, if the user inputs the string:
>
> alert('XSS vulnerability test');
>
> in a form, what is the best way to prevent this script from being executed (once the form data is passed to a service, of course)? Is there some super-cool Java utility to validate HTML user input?