Spring, protect against XSS or injection

Asked Feb 13 '15 at 22:29

Active Feb 16 '15 at 14:01

Viewed 400 times

The place I work has a Sencha 4.1.3 frontend, with Java + Spring 3.x backend.

Sencha sends a RESTful call to get the data. The server returns some JSON. Pretty basic stuff.

I would like to escape/remove any <script></script> tags from the response. Is there any annotation or anything I can use to quickly do this?

edited Feb 16 '15 at 14:01

meskobalazs

asked Feb 13 '15 at 22:29

Mike Fielden

4

Swing? Do you mean Spring? – Alex Feb 13 '15 at 23:05
2

Why would you want/need to remove script tags from JSON? – Philipp Reichart Feb 13 '15 at 23:08
@Alex My bad... it was late on a friday :) – Mike Fielden Feb 16 '15 at 13:58
Try the OWASP Java encoder project: https://www.owasp.org/index.php/OWASP_Java_Encoder_Project#tab=Main – Anurag Kapur Feb 16 '15 at 14:16
possible duplicate of [How do I prevent people from doing XSS in Java?](http://stackoverflow.com/questions/2147958/how-do-i-prevent-people-from-doing-xss-in-java) – Mike Fielden Feb 18 '15 at 14:04

0 Answers0