Preven cross site scripting in java
Posted on 2004-11-17
I have jsp pages that takes users inputs and processes them in the servlet handler class. I would like to test the user input for presence of any malicious cross-site scripting, for example: in my input box, if the user enters <script>alert("bad code")</script>, this should be catched in my servlet and I need to remove the script part from any request objects parameter values i.e. anything between <script>..</script> or at least escape the "<" and ">" characters, AND finally I need to reset the request object with this modified value for further processing.
Any input for this issue is welcome. Also if some one can provide a sample code with a regular expression to filter the <script> part or "<" and ">" part and reset it on to the request object inside a java (servlet) would be really helpful.