Life long sharing . . .

Archive for the ‘Computing’ Category

Some of the good sites explaining Cross-Site Scripting:

  • Preventing XSS Attack
  • XSS Protect, a project hosted on Google code.
  • For the entire Spring MVC app , you can specify the escaping in the web.xml:
    <context-param>
       <param-name>defaultHtmlEscape</param-name>
       <param-value>true</param-value>
    </context-param>

    But then the escaping applies only to the spring tags , like :

    <form:input path="formField" htmlEscape="true" />
  • Anti cross-site scripting (XSS) filter for Java web apps

  • Manual testing  for XSS
    • A good test string is >'>"><img src=x onerror=alert(0)>.
    • If your application doesn’t correctly escape this string, you will see an alert and will know that something went wrong.
    • Wherever your application handles user-supplied URLs, enter javascript:alert(0) or data:text/html,alert(0).

Like what he said, “Don’t imitate. Understand”

I like to use this as a start for new project:

maven

A good read: http://blog.pengyifan.com/how-to-create-a-web-application-project-with-javamavenjetty/

 


Archives

May 2017
M T W T F S S
« Apr    
1234567
891011121314
15161718192021
22232425262728
293031  

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 180 other followers