Preventing XSS but allowing certain characters like apostrophe, !, "
My project is on J2EE (JSP/Servlets). It is IDM enabled. Recently they have updated their security policies to prevent XSS, which is not allowing me to enter an apostrophe in a text box and submit. How to allow certain characters to be entered but at the same time prevent XSS?
Re: Preventing XSS but allowing certain characters like apostrophe, !, "
Don't double post. The other thread you started in the New to Java section has been removed.
db
Re: Preventing XSS but allowing certain characters like apostrophe, !, "
Quote: Originally Posted by maninder
My project is on J2EE (JSP/Servlets). It is IDM enabled. Recently they have updated their security policies to prevent XSS, which is not allowing me to enter an apostrophe in a text box and submit. How to allow certain characters to be entered but at the same time prevent XSS?
There are multiple approaches to this:
1) Find the flows that are exceptional cases and treat them with a different regular expression, instead of a blanket approach.
2) Using a filter, instead of disallowing the input, convert it to its corresponding HTML code (e.g. &lt; for the less-than symbol). This is what I have used in the past and it works quite well.
3) Most XSS happens due to the ability to insert a tag with opening and closing tags. Checking for and handling those will prevent the majority of XSS attacks, instead of having a blanket approach that filters apostrophes, double quotes, the pound symbol, etc., as those can be valid user inputs.
HTH.
Re: Preventing XSS but allowing certain characters like apostrophe, !, "
Are you on a "raise old threads" mission?