Life long sharing . . .

Archive for the ‘About Worksheets / References’ Category

Advertisements

Some of the good sites explaining Cross-Site Scripting:

  • Preventing XSS Attack
  • XSS Protect, a project hosted on Google code.
  • For the entire Spring MVC app , you can specify the escaping in the web.xml:
    <context-param>
       <param-name>defaultHtmlEscape</param-name>
       <param-value>true</param-value>
    </context-param>

    But then the escaping applies only to the spring tags , like :

    <form:input path="formField" htmlEscape="true" />
  • Anti cross-site scripting (XSS) filter for Java web apps

  • Manual testing  for XSS
    • A good test string is >'>"><img src=x onerror=alert(0)>.
    • If your application doesn’t correctly escape this string, you will see an alert and will know that something went wrong.
    • Wherever your application handles user-supplied URLs, enter javascript:alert(0) or data:text/html,alert(0).


Archives

October 2017
M T W T F S S
« May    
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 180 other followers