rest - How can i make sure that passing parameters don't have any cross site scripting contents -

August 15, 2011

i creating rest web services using spring & passing parameters method model class.

my inputs parameters

{     "user_id": 23,     "user_email_id": "q@q.c",     "user_password": "fdsdsdf",     "firstname": "<script>window.alert(‘surprise!’);</script>",     "lastname": "kdfgkdf",     "mobile_number": "1414141414",     "user_status": 1,     "isdeleted": 0,     "created_by": 1,     "profile_picturename": "kfksdjfhksjd",     "address": "sfdsdfsd" }

& rest controller method as

@requestmapping(value = "/validate", method = requestmethod.post, consumes = mediatype.application_json_value, produces = mediatype.application_json_value) public object adduser(@valid @requestbody userinputmodel userinputmodel, bindingresult br, httpservletresponse response) throws exception {     //logic  }

here want make sure passing parameter dont contain xss or how can make sure html encoder work input model

thanks in advance

use hibernate validator's @safehtml annotation:

https://docs.jboss.org/hibernate/validator/5.2/reference/en-us/html/ch02.html#validator-defineconstraints-hv-constraints

you need add jsoup dependency

example:

@entity  public class foo {    @safehtml(...)   private string firstname;  }

then if validate entity, not valid if firstname contains xss

Search This Blog

Live one

rest - How can i make sure that passing parameters don't have any cross site scripting contents -

Comments

Post a Comment

Popular posts from this blog

php - Wordpress website dashboard page or post editor content is not showing but front end data is showing properly -

How to get the ip address of VM and use it to configure SSH connection dynamically in Ansible -

javascript - Get parameter of GET request -