struts-user mailing list archives

From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: best approach to clean parameters using Jsoup
Date Wed, 19 Nov 2014 09:57:04 GMT
2014-11-19 4:57 GMT+01:00 JOSE L MARTINEZ-AVIAL <jlmagc@gmail.com>:
> Hello,
>   We are using Struts 2.3.16.3 for our application. Due to security
> reasons, we need to "clean" the user's input in order to avoid XSS. We are
> using JSoup for that, with success (
> http://jsoup.org/cookbook/cleaning-html/whitelist-sanitizer).
>
>   The issue is that we haven't found a really good way to integrate it with
> Struts. Basically we need to pass every String parameter through JSoup to
> sanitize it, and right now we are doing it manually on the execute method of
> the action, after the parameters have been loaded in the action and
> validated. We would like to do it automatically when the parameters are set
> in the action. In the normal actions we can do it in the getter, but some
> actions have java beans for parameters, and we don't want to integrate the
> Jsoup call in the bean methods. Any suggestions about how to do this?

You can override ParametersInterceptor's
retrieveParameters(ActionContext ac) method and then build your custom
stack. Or you can develop a custom interceptor and put it on the top of
your stack and do ActionContext.get/setParameters() in the intercept()
method.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
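
A sketch of the second option from the reply above (a custom interceptor that rewrites the parameter map before ParametersInterceptor runs), added here as an example and not code from the thread or from Struts. It assumes the Struts 2.3.x API, where ActionContext.getParameters() returns a Map<String, Object>, and a jsoup release that still ships org.jsoup.safety.Whitelist; the class name JsoupSanitizingInterceptor and the choice of Whitelist.basic() are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;

import org.jsoup.Jsoup;
import org.jsoup.safety.Whitelist;

import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

// Hypothetical class name; added example, not part of the original message.
public class JsoupSanitizingInterceptor extends AbstractInterceptor {

    // Assumption: one stock jsoup policy for every field; swap in the one you need.
    private static final Whitelist POLICY = Whitelist.basic();

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        ActionContext ctx = invocation.getInvocationContext();
        Map<String, Object> raw = ctx.getParameters();
        if (raw != null) {
            // Build a fresh map so the original request map is never mutated.
            Map<String, Object> cleaned = new HashMap<String, Object>(raw.size());
            for (Map.Entry<String, Object> e : raw.entrySet()) {
                cleaned.put(e.getKey(), sanitize(e.getValue()));
            }
            // ParametersInterceptor later reads this map to populate the
            // action and any nested beans, so the beans stay jsoup-free.
            ctx.setParameters(cleaned);
        }
        return invocation.invoke();
    }

    // Request parameters normally arrive as String[]; clean each element.
    static Object sanitize(Object value) {
        if (value instanceof String[]) {
            String[] in = (String[]) value;
            String[] out = new String[in.length];
            for (int i = 0; i < in.length; i++) {
                out[i] = (in[i] == null) ? null : Jsoup.clean(in[i], POLICY);
            }
            return out;
        }
        if (value instanceof String) {
            return Jsoup.clean((String) value, POLICY);
        }
        return value; // non-String values pass through unchanged
    }
}
```

Declare the interceptor in struts.xml and reference it in a custom stack ahead of params so that every action sees cleaned values. Parameter names are not cleaned here, and Jsoup.clean() returns HTML, so characters such as & come back entity-escaped even in plain-text fields.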
