struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From webmeiker <i...@webmeiker.com>
Subject Re: HTML escaping in form input fields in Struts2
Date Thu, 25 Nov 2010 15:06:33 GMT
(Looks great, thanks)

2010/11/25 Maurizio Cucchiara <maurizio.cucchiara@gmail.com>

> What about hdiv plugin?
> https://cwiki.apache.org/S2PLUGINS/hdiv-plugin.html
>
> 2010/11/25 webmeiker <info@webmeiker.com>
>
> > Hi,
> >
> >
> >
> > I want to ask the community for the best recommended way to achieve HTML
> > escaping in form input fields in Struts2…
> >
> >
> >
> > For output I know about escapeHtml attribute in s:property tag, but I
> don’t
> > know if there is something like that ‘implemented’ for the input (some
> > interceptor, validator type, …).
> >
> >
> >
> > Have somebody implemented a validator type (using regular expressions)
> that
> > rejects problematic html characters to avoid XSS attacks??
> >
> >
> > --
> >
>
>
>
> --
> Maurizio Cucchiara
>



--

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message