
I have designed a REST-based POST service using Spring 3.

The service method consumes the parameter as a String and responds with data as a String. The param and response can be JSON or string.

```java
@RequestMapping(value = "/service", method = RequestMethod.POST)
public @ResponseBody String Service(@RequestParam("param") String param) {
    // ... (method body not shown in the question)
}
```

Sample POST Request:

```
http://IP:PORT/test-project/service
param={"name":"John"}
```

Sample response to above request:

```
{"age":"31"}
```

Is there a way to safeguard this request against Cross Site Scripting?
If yes, then how can I achieve XSS support once I receive the request on the param parameter?

Youcef LAIDANI
Ecnoir
  • Does this answer your question? [How do I prevent people from doing XSS in Spring MVC?](https://stackoverflow.com/questions/2147958/how-do-i-prevent-people-from-doing-xss-in-spring-mvc) – Sambit Dec 26 '19 at 20:26

1 Answer

If you aren't returning the parameter value (or any manipulation of it) in the response, you don't have an XSS vulnerability.

Not that it means that your service is completely secure, of course.

Mureinik
  • I am using GSON API to de-serialize and serialize it back in the response. Will this help? Do I need to perform any other XSS vulnerability check before I pass the param String to GSON API? – Ecnoir Dec 27 '19 at 15:45
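
An added illustration of the answer's point and of the Gson follow-up above (not code from the question or the answer): one handler that parses the input without returning any of it, and one that reflects it, serialized with Gson's default HTML-safe escaping and with escaping disabled. The class name, the method names and the `echoName` variant are hypothetical, the input is constructed, and Gson is assumed to be on the classpath.

```java
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonObject;

public class GsonReflectionDemo {
    // A plain Gson instance escapes HTML-significant characters when writing JSON.
    private static final Gson DEFAULT = new Gson();
    // Same serializer with that escaping switched off, for comparison.
    private static final Gson RAW = new GsonBuilder().disableHtmlEscaping().create();

    // Shaped like the question's service: the input is parsed, but no part of it
    // is written into the response, so there is nothing for a browser to reflect.
    static String ageOnly(String param) {
        JsonObject in = DEFAULT.fromJson(param, JsonObject.class);
        String name = in.get("name").getAsString(); // read only (e.g. for a lookup)
        JsonObject out = new JsonObject();
        out.addProperty("age", "31"); // value taken from the question's sample response
        return DEFAULT.toJson(out);
    }

    // Hypothetical variant that does return the parameter value in the response.
    // Whether markup in the input survives depends on how the serializer escapes it.
    static String echoName(String param, Gson gson) {
        JsonObject in = gson.fromJson(param, JsonObject.class);
        JsonObject out = new JsonObject();
        out.addProperty("greeting", "Hello " + in.get("name").getAsString());
        return gson.toJson(out);
    }

    public static void main(String[] args) {
        // Constructed sample input containing markup in the "name" value.
        String param = "{\"name\":\"<b>John</b>\"}";

        System.out.println("not reflected:        " + ageOnly(param));
        System.out.println("reflected, HTML-safe: " + echoName(param, DEFAULT));
        System.out.println("reflected, raw:       " + echoName(param, RAW));
    }
}
```

With the default instance the angle brackets in the reflected value are written as `\u003c` and `\u003e`; with `disableHtmlEscaping()` they are written literally, which is the case where the response's content type and the client's handling of the value matter.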