I am working on a web application using the Spring MVC framework. I wanted to know: is there any best way to sanitize user inputs, or a common method to sanitize all the user inputs in Spring, to avoid XSS and SQL injection attacks?
The basics. The first lesson anyone learns when setting up a web-to-database gateway (or any gateway where untrusted user input reaches a backend) is to never trust that input: validate it on the way in, and neutralize it at the point where it is used. For a database that means parameterized queries, not string concatenation; for an HTML page it means encoding the value for the context it is written into. Stripping "bad characters" on input is not a substitute for either.

Sanitizing removes characters or markup that are not allowed from the data. Validating determines whether the data has the expected form (length, character set, format) and rejects it otherwise.

In data sanitization, HTML sanitization is the process of parsing an HTML document and producing a new HTML document that preserves only the tags and attributes that are designated "safe" and wanted, discarding everything else (including scripts and event-handler attributes).
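The distinction above is easiest to see on the SQL injection side. The following is an added example, not code from the question or any answer on this page; it uses Spring's JdbcTemplate, and the table name, column names and the username pattern are assumptions chosen for illustration. The first method "sanitizes nothing and trusts the string", the second validates the shape of the input and then binds it as a parameter so the database never parses it as SQL.

```java
import org.springframework.jdbc.core.JdbcTemplate;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

/**
 * Added example (not from the question or answers on this page).
 * Assumed schema: a table "users" with columns id, email, username.
 */
public class UserLookup {

    // Assumed validation policy: usernames are short and alphanumeric.
    // Validation limits what reaches the query; it is defence in depth, not the fix.
    private static final Pattern USERNAME = Pattern.compile("^[A-Za-z0-9_.-]{1,32}$");

    private final JdbcTemplate jdbc;

    public UserLookup(JdbcTemplate jdbc) {
        this.jdbc = jdbc;
    }

    // VULNERABLE: untrusted input is concatenated into the statement text.
    // A username of  x' OR '1'='1  changes the structure of the query, and no
    // HTML sanitizer or "illegal character" filter reliably prevents that.
    public List<Map<String, Object>> findInsecure(String username) {
        String sql = "SELECT id, email FROM users WHERE username = '" + username + "'";
        return jdbc.queryForList(sql);
    }

    // SAFE: reject input that is not the expected shape, then bind the value
    // with a placeholder. The driver sends the value separately from the SQL
    // text, so it can only ever be compared as data, never executed.
    public List<Map<String, Object>> findSafe(String username) {
        if (username == null || !USERNAME.matcher(username).matches()) {
            throw new IllegalArgumentException("invalid username");
        }
        return jdbc.queryForList("SELECT id, email FROM users WHERE username = ?", username);
    }
}
```

The same rule applies to JPA/Hibernate: use named or positional parameters in JPQL/HQL rather than building the query string from request data.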
You can use Filters in the Spring framework to clean your forms. Filters will fetch all your request attributes and clean them before the request is processed. Another option is to use the JSoup APIs. Visit the following links to learn more.
JSoup XSS APIs
Filter approach to prevent XSS threat
EDIT:
Read the OWASP cheat sheets to learn how to avoid XSS and SQL injection.
OWASP - prevention of XSS
OWASP - prevention of SQL injection
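A concrete version of the filter approach described in this answer, written here as an added example rather than code from the answer or from the linked articles. It assumes the javax.servlet API (the Spring 3.x era the question is about) and Jsoup 1.14 or later, where the policy class is called Safelist (earlier releases call it Whitelist). The filter wraps the incoming request so that every parameter a controller reads, whether through getParameter, @RequestParam or form binding (which goes through getParameterValues), has already been passed through Jsoup.

```java
import java.io.IOException;
import java.util.Arrays;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist;

/**
 * Added example (not code from the answer above). Assumes javax.servlet and
 * Jsoup >= 1.14. Register it in web.xml or via FilterRegistrationBean so it
 * runs before DispatcherServlet.
 */
public class XssSanitizingFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) {
        // nothing to configure
    }

    @Override
    public void destroy() {
        // nothing to release
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (request instanceof HttpServletRequest) {
            request = new SanitizedRequest((HttpServletRequest) request);
        }
        chain.doFilter(request, response);
    }

    /**
     * Wrapper that cleans parameters on every read. Headers, cookies and a JSON
     * request body are NOT covered; those must be handled where they are parsed.
     */
    static class SanitizedRequest extends HttpServletRequestWrapper {

        // Safelist.none() strips every tag and attribute. Safelist.basic() keeps
        // simple formatting (b, i, a, ...). Pick the policy per field if the
        // application genuinely needs rich text; a global policy is a blunt tool.
        private static final Safelist POLICY = Safelist.none();

        SanitizedRequest(HttpServletRequest request) {
            super(request);
        }

        static String clean(String value) {
            // Jsoup.clean returns body HTML, so "<" in plain text comes back as "&lt;".
            return value == null ? null : Jsoup.clean(value, POLICY);
        }

        @Override
        public String getParameter(String name) {
            return clean(super.getParameter(name));
        }

        @Override
        public String[] getParameterValues(String name) {
            String[] raw = super.getParameterValues(name);
            if (raw == null) {
                return null;
            }
            return Arrays.stream(raw).map(SanitizedRequest::clean).toArray(String[]::new);
        }
    }
}
```

Two caveats a practitioner would want. First, Jsoup.clean produces HTML, so a value that is stored after this filter and later written to a page with an escaping tag (`<c:out>`, Thymeleaf's default `th:text`) is encoded twice; decide whether you sanitize on input or encode on output, and be consistent. Second, the OWASP XSS sheet linked in the answer treats context-aware output encoding as the primary defence; an input filter like this one is useful against stored HTML but does not protect values that end up inside a JavaScript string, a URL or an attribute, where HTML tag stripping is not the right transformation.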
Take a look at HDIV, which integrates with Spring 3.1; it has out-of-the-box support for XSS, CSRF and data integrity checks.