How to protect apps from XSS attacks?

Backend · Unresolved · 3 · 1720
盖世英雄少女心 2020-12-24 04:31

How to safeguard our web applications from XSS attacks? An app is vulnerable to attack if it does not do any conversion of special characters.

3 answers
  •  慢半拍i (original poster)
    2020-12-24 04:59

    Just to add to WhiteFang34's list:

    • JSoup whitelist sanitizer

    It has several whitelists built-in to choose from, such as allowing some HTML, no HTML, etc.

    I chose this over Apache Commons's StringEscapeUtils.escapeHtml() because of how it handles apostrophes. I.e. if our users type in:

    Alan's mom had a good brownie recipe.

    JSoup will leave the apostrophe alone, whereas Apache Commons would escape that string as:

    Alan\'s mom had a good brownie recipe.

    Which I wouldn't want to have to worry about unescaping before displaying to the user.
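As an added example (not code from the answer above), here are the two defences this thread touches on, in Java: Jsoup safelist sanitizing for input that may carry rich text, and plain escaping for output into text contexts. It assumes Jsoup 1.14.1 or newer (the Safelist class); the class name, method names and sample inputs are constructed for illustration.

```java
import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist;

/** Added example, not from the answer above. Assumes Jsoup 1.14.1+ (Safelist class). */
public class XssDefenceDemo {

    /** Sanitizing: keep a small set of safe tags (a, b, i, em, strong, p, ul, li, ...),
     *  drop all others; Safelist.basic() only lets http/https/ftp/mailto hrefs through
     *  and never allows on* event-handler attributes. */
    static String sanitizeRichText(String untrustedHtml) {
        return Jsoup.clean(untrustedHtml, Safelist.basic());
    }

    /** Sanitizing with no tags at all: only the text content survives. */
    static String sanitizeToText(String untrustedHtml) {
        return Jsoup.clean(untrustedHtml, Safelist.none());
    }

    /** Escaping (the "conversion of special characters" from the question): for output
     *  into an HTML text node or quoted attribute where no markup is wanted. */
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: benign text with an apostrophe, and markup
        // carrying a script element plus a javascript: link.
        String recipe  = "Alan's mom had a good brownie recipe.";
        String hostile = "<p>Hi <script>alert(1)</script>"
                       + "<a href=\"javascript:alert(1)\">click</a></p>";

        System.out.println(sanitizeToText(recipe));  // apostrophe left alone
        System.out.println(escapeHtml(recipe));      // apostrophe becomes &#39;
        // The script element and its body are dropped; the href is removed
        // because javascript: is not an allowed scheme, and rel="nofollow" is added.
        System.out.println(sanitizeRichText(hostile));
        System.out.println(escapeHtml(hostile));     // browser shows it as literal text
    }
}
```

Sanitizing is for the case where users are allowed some markup; escaping is the right tool when the value is meant to be shown verbatim, and the two are not interchangeable.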
