Prevent xss attack in Spring+Hibernate application

Question

I have spring + hibernate application.

I have a lot of fields values of which I store in database. At this fields user can type anything.

These values can be rendered on client side. Thus this script can be executed.

Is there way to handle this problem in single place or I should handle each situation separately ?

score 0 · Answer 1 · edited May 23 '17 at 11:58

0

Take a look at https://stackoverflow.com/a/2148120/4204904 Basically you have to set in your web.xml

<context-param>
    <param-name>defaultHtmlEscape</param-name>
    <param-value>true</param-value>
</context-param>

edited May 23 '17 at 11:58

Community

answered Oct 26 '15 at 00:37

Shivam

1 Answers1