xss « Security « JSP-Servlet Q&A

  1. JSP-Servlet Q&A
  2. Security
  3. xss




1. XSS prevention in Java    stackoverflow.com

How can I prevent XSS attacks in Java? Are there any good libraries for that?

2. Is it possible to make XSS attacks through html comments with JSP code inside?    stackoverflow.com

Is it true that following code adds a XSS vulnerability to some JSP page? 

<!--    <%=paramName%>=<%=request.getParameter(paramName)%><BR>  -->
It looks like a "leftover debug" and definitely should be removed from ...

3. protect jsp pages againt xss    stackoverflow.com

i want to protect my website form xss, and i want to assure that all my data are correct and consistent, so i don't want to allow to add any scripts ...

4. Type 0 (DOM-Based) XSS Prevention for JSP Applications    stackoverflow.com

Unlike the standard XSS attacks, which rely on dynamic web pages, a DOM-based XSS attack does not require sending any malicious code to the server and thus can also use static ...

5. XSS attacks in jsp    stackoverflow.com

Hi I have a jsp page in which following lines 

if(Exception err) {
  out.println (err.getMessage() + "<br/><br/>");
}
may get XSS attacks i want to it just display the above things without ...