Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring MVC : How to Protect Application from CSRF and XSS

Tags:

spring-mvc

xss

csrf

What is the best way to protect our Spring MVC application from CSRF and XSS.

Is there native Spring MVC support for this?

like image 530
Fitrah M Avatar asked Jan 17 '23 17:01

Fitrah M

2 Answers

In Spring:

Forms ( globally):

<context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>

Forms ( locally):

<spring:htmlEscape defaultHtmlEscape="true" />
like image 194
Liam Avatar answered Jan 31 '23 11:01

Liam

You can use Spring Security 3.2.0.RELEASE and enable csrf support with this configuration

<http>
    <!-- ... -->
    <csrf />
</http>
like image 36
iesen Avatar answered Jan 31 '23 09:01

iesen
Sign in to Comment

Related questions

How to ignore Null values in Post request body in Spring Boot
What is a hashtag ( # ) in Java/SpringBoot?
Paging with Spring MVC, JPA and Datatables
Spring 3 Annotations
In spring mvc, headers = "x-requested-with:XMLHttpRequest" in request mapping not working?
Accessing a session-scoped bean inside a controller
Spring: DispatcherServlet and static content
Run on server option does not display in eclipse helios for spring-maven project
Validating wizard pages with Spring 3
Programmatically configuration of the ResourceBundleMessageSource
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException in hibernate

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!