<div>
Use filter concept or interceptor concept ..... <br />
<br />
when all your request/response goes to filter or interceptor .. then you cant get the form values in the URL. &nbsp;you can stop Corss Site scripting .
</div>


Use filter concept or interceptor concept .....

when all your request/response goes to filter or interceptor .. then you cant get the form values in the URL.  you can stop Corss Site scripting .

<div>
In Filter you can do set encoding or URLEncode.
</div>


In Filter you can do set encoding or URLEncode.

<div>
Hi Dravid<br />
<br />
could you share some reference or code fragments on this.<br />
<br />
also I do not want to change in all my files. can you please explain a bit
</div>


Hi Dravid

could you share some reference or code fragments on this.

also I do not want to change in all my files. can you please explain a bit

<div>
<div class="content wysiwyg-content">
Hi All<br />
<br />
There was some penetrating tests that was conducted in our existing production java application, and one of the recommendation is to address cross site scripting.<br />
<br />
I need inputs from experts on implementing this cross side without the need make changes in every artifact<br />
<br />
something like setting up some config file, etc if possible<br />
<br />
Regards
</div>
</div>


Hi All

There was some penetrating tests that was conducted in our existing production java application, and one of the recommendation is to address cross site scripting.

I need inputs from experts on implementing this cross side without the need make changes in every artifact

something like setting up some config file, etc if possible

Regards

Cross Site Scripting implementation

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

Java is a platform-independent, object-oriented programming language and run-time environment, designed to have as few implementation dependencies as possible such that developers can write one set of code across all platforms using libraries. Most devices will not run Java natively, and require a run-time component to be installed in order to execute a Java program.

Java

A scripting language is a programming language that supports scripts, programs written for a special run-time environment that automate the execution of tasks that could alternatively be executed one-by-one by a human operator. Scripting languages are often interpreted (rather than compiled). Primitives are usually the elementary tasks or API calls, and the language allows them to be combined into more complex programs. Environments that can be automated through scripting include software applications, web pages within a web browser, the shells of operating systems (OS), embedded systems, as well as numerous games. A scripting language can be viewed as a domain-specific language for a particular environment; in the case of scripting an application, this is also known as an extension language.