Need to create an XSS check for the whole response using a servlet filter

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException
    {
        chain.doFilter(request, response);
        // filter out xss here, and replace response
    }

As far as I know, after doFilter the response has already been sent to the client. The only option is to use a wrapper.
Questions
- How do I create the wrapper?
- How do I check the whole HTML response for XSS?
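
One way to build such a wrapper, as an added example that is not part of the original post: a filter that buffers text output and HTML-encodes request parameter values echoed verbatim into the page. It assumes the `javax.servlet` API (Servlet 3.x/4.0), output written through `getWriter()`, and the hypothetical names `ReflectedInputFilter`, `BufferedResponse`, `escapeHtml` and `encodeReflected`. It covers reflected input only, so encoding output where the page is rendered remains the primary control.

```java
import java.io.*;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.*;

public class ReflectedInputFilter implements Filter {   // hypothetical class name
    /** Captures what the servlet/JSP writes instead of sending it to the client. */
    static class BufferedResponse extends HttpServletResponseWrapper {
        private final CharArrayWriter buffer = new CharArrayWriter();
        private final PrintWriter writer = new PrintWriter(buffer);
        BufferedResponse(HttpServletResponse response) { super(response); }
        @Override public PrintWriter getWriter() { return writer; }
        @Override public ServletOutputStream getOutputStream() {
            throw new IllegalStateException("binary output is not buffered in this example");
        }
        @Override public void setContentLength(int len) { /* body length may change */ }
        @Override public void flushBuffer() { /* keep the real response uncommitted */ }
        String body() { writer.flush(); return buffer.toString(); }
    }

    /** HTML-encodes the characters that matter in element content and quoted attributes. */
    static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#x27;");
    }

    /** Replaces parameter values echoed verbatim into the body with their encoded form. */
    static String encodeReflected(String body, Map<String, String[]> params) {
        for (String[] values : params.values()) {
            for (String v : values) {
                // Assumption: skip very short values; replacing a lone "<"
                // would corrupt the page's own markup.
                if (v.length() < 4) continue;
                String encoded = escapeHtml(v);
                if (!encoded.equals(v)) body = body.replace(v, encoded);
            }
        }
        return body;
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        BufferedResponse wrapped = new BufferedResponse((HttpServletResponse) response);
        chain.doFilter(request, wrapped);   // downstream output lands in the buffer
        response.getWriter().write(encodeReflected(wrapped.body(), request.getParameterMap()));
    }
}
```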