I'm creating a web application where users can post something and it will show up on the home page of all the users. I'm using Spring to develop this application. Should I serve a static HTML page and load the posts using ajax requests, or is it secure to use a JSP page and load posts via JSP scriptlets, since users may try to post a malicious script on the page?
The threat of an attack by means of a post should be handled when the post is submitted, by escaping keywords that could break both the browser and the server, before storing the post.
Afterwards, whether to serve the post through server-side rendering or in the client via ajax is a matter of taste, but it is usually loaded with ajax in order to paginate and load comments on demand easily.

emibloque
- How do I escape special keywords in a post? Use some regex to replace the special characters? Sorry, I'm a novice; can you clarify how it is usually done? – parthi82 Jun 27 '15 at 05:26
- @parthi.k take a look at [this](http://www.javacodegeeks.com/2012/07/anti-cross-site-scripting-xss-filter.html); it is preventing XSS in the response, but it could be used the other way around. – emibloque Jun 27 '15 at 05:40