struts-user mailing list archives

From Christoph Nenning
Subject Re: best approach to clean parameters using Jsoup
Date Wed, 19 Nov 2014 08:00:16 GMT
> Hello,
>   We are using Struts for our application. Due to security
> reasons, we need to "clean" the user's input in order to avoid XSS. We are
> using JSoup for that, with success(
>   The issue is that we haven't found a really good way to integrate it with
> Struts. Basically we need to pass every String parameter through JSoup to
> sanitize it, and right now we are doing it manually on the execute method of
> the action, after the parameters have been loaded in the action and
> validated. We would like to do it automatically when the parameters are
> in the action. In the normal actions we can do it in the getter, but
> actions have java beans for parameters, and we don't want to integrate the
> Jsoup call in the bean methods. Any suggestions about how to do this?
> Thanks
> JL

One approach could be to wrap it in a custom validator. This blog seems to 
be a good sample:


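One way the custom-validator approach suggested in the reply could look, as an added example that is not code from this thread or from the blog the reply refers to. It rejects input containing markup outside a jsoup safelist rather than rewriting it. The package name, class name and `policy` parameter are hypothetical, and `Safelist` is the class that older jsoup releases call `Whitelist`.

```java
package example.security; // hypothetical package name

import com.opensymphony.xwork2.validator.ValidationException;
import com.opensymphony.xwork2.validator.validators.FieldValidatorSupport;
import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist;

/**
 * Struts 2 field validator (added example) that fails validation when a
 * String field contains HTML that the chosen jsoup safelist does not allow.
 *
 * Register it under a name in validators.xml on the classpath and reference
 * that name from the action's validation XML. The field name is evaluated
 * against the value stack, so a dotted name such as "user.comment"
 * (constructed example) reaches a bean property without touching the bean.
 */
public class JsoupSafeHtmlValidator extends FieldValidatorSupport {

    // "none" (default) permits plain text only; "basic" permits simple
    // formatting tags such as <b>, <i> and <a>.
    private String policy = "none";

    public void setPolicy(String policy) {
        this.policy = policy;
    }

    public String getPolicy() {
        return policy;
    }

    private Safelist safelist() {
        return "basic".equalsIgnoreCase(policy) ? Safelist.basic() : Safelist.none();
    }

    @Override
    public void validate(Object object) throws ValidationException {
        String fieldName = getFieldName();
        Object value = getFieldValue(fieldName, object);
        if (!(value instanceof String)) {
            return; // null or non-String values are left to other validators
        }
        // isValid() is true only when every tag and attribute is on the safelist
        if (!Jsoup.isValid((String) value, safelist())) {
            addFieldError(fieldName, object); // message comes from the validation XML
        }
    }
}
```

A validator only accepts or rejects a value, so output encoding in the view is still needed when the stored value is rendered.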
