struts-user mailing list archives

From Christoph Nenning <Christoph.Nenn...@lex-com.net>
Subject Re: best approach to clean parameters using Jsoup
Date Wed, 19 Nov 2014 08:00:16 GMT
> Hello,
>   We are using Struts 2.3.16.3 for our application. Due to security
> reasons, we need to "clean" the user's input in order to avoid XSS. We are
> using JSoup for that, with success
> (http://jsoup.org/cookbook/cleaning-html/whitelist-sanitizer).
> 
>   The issue is that we haven't found a really good way to integrate it with
> Struts. Basically we need to pass every String parameter through JSoup to
> sanitize it, and right now we are doing it manually in the execute method of
> the action, after the parameters have been loaded in the action and
> validated. We would like to do it automatically when the parameters are set
> in the action. In the normal actions we can do it in the getter, but some
> actions have java beans for parameters, and we don't want to integrate the
> Jsoup call in the bean methods. Any suggestions about how to do this?
> 
> Thanks
> 
> JL


One approach could be to wrap it in a custom validator. This blog seems to be a good sample:

http://www.programmingforfuture.com/2012/09/struts2-writing-custom-validator.html


Regards,
Christoph
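
The custom-validator approach suggested in the reply, sketched as an added example (not code from this thread or from the linked blog): a Struts 2 field validator that rejects any String value jsoup would have to alter. The class name, package and `policy` parameter are hypothetical, and it assumes the jsoup 1.x `Whitelist` API linked in the question.

```java
package example.validators; // hypothetical package

import com.opensymphony.xwork2.validator.ValidationException;
import com.opensymphony.xwork2.validator.validators.FieldValidatorSupport;
import org.jsoup.Jsoup;
import org.jsoup.safety.Whitelist;

/**
 * Field validator that adds a field error when a String value contains
 * markup outside the configured jsoup whitelist.
 */
public class SafeHtmlFieldValidator extends FieldValidatorSupport {

    // Hypothetical validator parameter: "none" (default), "simpleText" or "basic".
    private String policy = "none";

    public void setPolicy(String policy) { this.policy = policy; }
    public String getPolicy() { return policy; }

    // Map the parameter to one of jsoup's built-in whitelists; unknown
    // values fall back to the strictest one (no HTML at all).
    private Whitelist whitelist() {
        if ("basic".equalsIgnoreCase(policy)) return Whitelist.basic();
        if ("simpleText".equalsIgnoreCase(policy)) return Whitelist.simpleText();
        return Whitelist.none();
    }

    @Override
    public void validate(Object object) throws ValidationException {
        String fieldName = getFieldName();
        // Resolved through the value stack, so nested expressions work too.
        Object value = getFieldValue(fieldName, object);
        if (!(value instanceof String)) {
            return; // null or non-String: leave to other validators
        }
        String text = (String) value;
        if (text.isEmpty()) {
            return;
        }
        // isValid parses the text as an HTML body fragment and returns false
        // if it contains any tag or attribute the whitelist does not allow.
        if (!Jsoup.isValid(text, whitelist())) {
            addFieldError(fieldName, object);
        }
    }
}
```

Registered under a name in `validators.xml`, it can be attached to a field expression such as `user.comment` (hypothetical), so properties of bean parameters are checked without putting jsoup calls in the bean. It rejects input rather than rewriting it; a sanitizing variant would call `Jsoup.clean` instead.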
