Manish asked:

cross site scripting.

What is the best way to prevent cross-site scripting?
If the user enters an encoded value like %3c for <, how to track this?
Please provide examples.
humanonomics:
Where will the user enter the data? What kind of application do you have?
Normally, for a web application, the general approaches to prevent cross-site scripting attacks are:
- Filter input parameters for special characters.
- Filter output based on input parameters for some special characters
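
One way to apply the output-filtering approach from the answer above in a JSP/servlet application, as an added example that is not code from this thread (the class and method names are hypothetical). The container has already percent-decoded %3c to < by the time the application reads the parameter, so encoding at output covers the encoded and the literal form alike.

```java
import java.net.URLDecoder;

// Added example (hypothetical class and method names); not code from the thread.
public class HtmlOutputEncoder {

    /** Encode a value for an HTML element body or a quoted attribute value. */
    public static String forHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: literal markup, the %3c form from the
        // question, and an ordinary value containing quotes and an ampersand.
        String[] rawQueryValues = {
            "<script>alert(\"hi\")</script>",
            "%3cscript%3ealert(%22hi%22)%3c/script%3e",
            "say%20%22hi%22%20%26%20bye"
        };
        for (String raw : rawQueryValues) {
            // A servlet container percent-decodes before getParameter() returns;
            // URLDecoder stands in for that step here.
            String param = URLDecoder.decode(raw, "UTF-8");
            String safe = forHtml(param);
            if (safe.indexOf('<') >= 0 || safe.indexOf('"') >= 0) {
                throw new AssertionError("unescaped markup: " + safe);
            }
            System.out.println("<input id=\"headline\" type=\"text\" "
                    + "name=\"headline\" value=\"" + safe + "\" />");
        }
    }
}
```

In a JSP that uses JSTL, `<c:out value="${param.headline}"/>` applies the same escaping by default.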
Manish:
It is a web application.
JSP - we have our framework.
We can write/add a filter in it.
Does anybody have an example for it?
ksivananth:
This solution is only available to members.
Manish:
I have the following value in a text field. Still the script is getting executed and showing an alert.
<input id="headline" type="text" name="headline"  value="<script>alert&#40;&quot;hi&quot;&#41;</script>" />
Manish:
like this
<input id="headline" type="text" name="headline"  value="&lt;script&gt;alert&#40;&quot;hi&quot;&#41;&lt;/script&gt;" />

Manish:
Why so?
You should remove the script tags from the user input; refer to the link I have posted!