  1. #1
    maas, Member

    Fixing cross-site scripting (XSS) in search box

    I need your assistance in fixing an issue in the search textbox in one of the JSPs. I was informed that cross-site scripting can be done in the textbox, and I put the code below in my JSP to fix the issue:
    Java Code:
    searchTerm = request.getParameter("search");
    if (searchTerm == null) {
        searchTerm = "";   // getParameter returns null when the field is missing from the request
    }

    // Pass 1: encode angle brackets, then strip every character that is not a letter, digit or space
    // (this also removes the '&' and ';' of the entities just written, leaving "lt" / "gt")
    searchTerm = searchTerm.replaceAll("<", "&lt;").replaceAll(">", "&gt;");
    searchTerm = searchTerm.replaceAll("[^A-Za-z0-9 ]", "");

    // Pass 2: blacklist filters, case-insensitive where marked with (?i)
    searchTerm = searchTerm.replaceAll("eval\\((.*)\\)", "");
    searchTerm = searchTerm.replaceAll("[\\\"\\\'][\\s]*((?i)javascript):(.*)[\\\"\\\']", "\"\"");
    searchTerm = searchTerm.replaceAll("((?i)script)", "");
    searchTerm = searchTerm.replaceAll("<", "&lt;").replaceAll(">", "&gt;");
    searchTerm = searchTerm.replaceAll("\\(", "&#40;").replaceAll("\\)", "&#41;");
    searchTerm = searchTerm.replaceAll("'", "&#39;");
    searchTerm = searchTerm.replaceAll("script", "");   // also deletes "script" inside words such as "description"

    // Pass 3: the same filters repeated, case-sensitive this time
    searchTerm = searchTerm.replaceAll("<", "&lt;").replaceAll(">", "&gt;");
    searchTerm = searchTerm.replaceAll("\\(", "&#40;").replaceAll("\\)", "&#41;");
    searchTerm = searchTerm.replaceAll("'", "&#39;");
    searchTerm = searchTerm.replaceAll("eval\\((.*)\\)", "");
    searchTerm = searchTerm.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
    searchTerm = searchTerm.replaceAll("script", "");
    Now, after applying the above code, cross-site scripting can be done, and the problem is that the search can't be done using the textbox: it always displays no results.

    So, can you please assist me in writing the best code? Thanks.
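A different approach, as an added example that is not the poster's code: keep the raw term for the query (bound as a JDBC parameter, never concatenated into SQL or HTML) and HTML-encode it only where it is echoed back into the page, so no blacklist of "script" or "eval" is needed and legitimate terms still match. `runSearch` and its sample titles are constructed stand-ins for the real query.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class SearchOutputEncoding {

    /** Encode the characters that can break out of an HTML text or attribute context. */
    public static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Constructed stand-in for the real search; the term is treated as data, not as HTML or SQL text. */
    public static List<String> runSearch(String rawTerm) {
        // With JDBC the same idea is: ps = conn.prepareStatement("SELECT title FROM docs WHERE title LIKE ?");
        //                           ps.setString(1, "%" + rawTerm + "%");
        List<String> titles = Arrays.asList("O'Reilly Java guide", "C++ <templates> primer", "description of scripts");
        List<String> hits = new ArrayList<>();
        for (String t : titles) {
            if (t.toLowerCase().contains(rawTerm.toLowerCase())) {
                hits.add(t);
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed inputs: a legitimate term the blacklist above would mangle, and a hostile one.
        for (String term : new String[] {"O'Reilly", "<script>alert(1)</script>"}) {
            List<String> hits = runSearch(term);   // unchanged term keeps the search working
            String echo = "<input name=\"search\" value=\"" + escapeHtml(term) + "\">";   // encoded only at output
            System.out.println(hits.size() + " hit(s); echoed as: " + echo);
        }
        // In a JSP, <c:out value="${param.search}"/> performs the same encoding at output time.
    }
}
```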

  2. #2
    KevinWorkman, Crazy Cat Lady, Washington, DC

    Re: Fixing cross-site scripting (XSS) in search box

    How to Ask Questions the Smart Way
    Static Void Games - Play indie games, learn from game tutorials and source code, upload your own games!
