How do I Prevent Cross Site Scripting

Cross Site Scripting/XSS (the letter 'X' stands for Cross):

When Dekoh applications display user-typed content in a page, the content must be filtered first. Otherwise, the user-typed content may contain malicious JavaScript code, which the browser will execute automatically.

Dekoh Web Server provides a utility class called com.pramati.web.util.xss.XSSSupport, and you can use the methods in this class to encode user-entered text into safe HTML.

Example Usage:

XSSSupport.toSafeHTMLForParameter(request, "testParam");
XSSSupport.toSafeHTMLForAttribute(request, "testAttribute");
XSSSupport.toSafeHTML("<html></html>","UTF-8");
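
What encoding user-typed content into safe HTML changes in the rendered page, as an added stand-alone example that is not Dekoh code: encodeForHtml, renderUnsafe and renderSafe are hypothetical names, and encodeForHtml is a minimal stand-in for an encoder, not the XSSSupport implementation.

```java
// Added example: stand-alone illustration, not part of Dekoh.
// encodeForHtml is a hypothetical stand-in for an HTML encoder; it is not
// the implementation behind XSSSupport.
public class XssEncodingDemo {

    // Replace the characters that let text break out of an HTML text node
    // or a quoted attribute value with character references. This does not
    // make text safe inside <script> blocks, event handlers or URLs.
    static String encodeForHtml(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break; // must be handled so existing entities are not reinterpreted
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Unsafe: user text is concatenated into the page and parsed as markup.
    static String renderUnsafe(String comment) {
        return "<p class=\"comment\">" + comment + "</p>";
    }

    // Safe: user text is encoded first, so the browser shows it as text.
    static String renderSafe(String comment) {
        return "<p class=\"comment\">" + encodeForHtml(comment) + "</p>";
    }

    public static void main(String[] args) {
        // Constructed sample input standing in for user-typed content.
        String comment = "Nice photo! <script>alert(1)</script>";
        System.out.println("unsafe: " + renderUnsafe(comment));
        System.out.println("safe:   " + renderSafe(comment));
    }
}
```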