  1. #1
    maninder (Member)

    Preventing XSS but allowing certain characters like apostrophe, !, "

    My project is on J2EE (JSP/Servlets). It is IDM enabled. Recently they have updated their security policies to prevent XSS, which is not allowing me to enter an apostrophe in a text box and submit. How to allow certain characters to be entered while at the same time preventing XSS?

  2. #2
    DarrylBurke (Member)

    Re: Preventing XSS but allowing certain characters like apostrophe, !, "

    Don't double post. The other thread you started in the New to Java section has been removed.

    db
    If you're forever cleaning cobwebs, it's time to get rid of the spiders.

  3. #3
    f1gh (Member)

    Re: Preventing XSS but allowing certain characters like apostrophe, !, "

    Quote, originally posted by maninder:
    "My project is on J2EE (JSP/Servlets). It is IDM enabled. Recently they have updated their security policies to prevent XSS, which is not allowing me to enter an apostrophe in a text box and submit. How to allow certain characters to be entered while at the same time preventing XSS?"

    There are multiple approaches to this:
    1) Find the flows that are exceptional cases and treat them with a different regex expression, instead of a blanket approach.
    2) Using a filter, instead of disallowing the input, convert it to its corresponding HTML code (e.g. &lt; for the less-than symbol) - this is what I have used in the past and it works quite well.
    3) Most XSS happens due to the ability to insert a tag with open and close tags. Checking for those and handling those will prevent the majority of XSS attacks, instead of having a blanket approach to filter apostrophes, double quotes, pound symbols, etc., as those can be valid user inputs.

    HTH.
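
Approach 2 from the reply above, as an added example that is not code from the thread: the input is accepted and stored unchanged, and the five HTML-significant characters are encoded only when the value is written into the page. The class name, method name and sample strings are assumptions constructed for illustration.

```java
public class HtmlOutputEncoding {

    /**
     * Encode a value for HTML element content or a quoted attribute value.
     * Hypothetical helper. It does not cover JavaScript, CSS or URL contexts,
     * which need their own encoders.
     */
    static String encodeForHtml(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                // Quotes must be encoded so the value cannot end the
                // attribute it is rendered into.
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: legitimate text using the characters a
        // blanket filter rejects, plus one value that carries markup.
        String[] samples = {
            "O'Brien said \"hello!\"",
            "Tom & Jerry's #1 fan",
            "<script>alert(1)</script>"
        };
        for (String raw : samples) {
            // The raw value is what the application stores; only the copy
            // written into the response is encoded.
            String safe = encodeForHtml(raw);
            System.out.println("stored  : " + raw);
            System.out.println("rendered: <input type=\"text\" name=\"comment\" value=\""
                    + safe + "\">");
            System.out.println();
        }
    }
}
```

In a JSP/Servlet project the same job is normally done by an existing encoder, such as JSTL's `<c:out>` or the OWASP Java Encoder's `Encode.forHtml` and `Encode.forHtmlAttribute`, rather than a hand-written one.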

  4. #4
    Tolls (Moderator)

    Re: Preventing XSS but allowing certain characters like apostrophe, !, "

    Are you on a "raise old threads" mission?
