21

I am working on a web application using the Spring MVC framework. I wanted to know: is there any best way to sanitize user inputs, or a common method to sanitize all the user inputs in Spring, to avoid XSS and SQL injection attacks?

Cœur
  • 37,241
  • 25
  • 195
  • 267
Kishan_KP
  • 4,488
  • 6
  • 27
  • 46

1 Answer

25

You can use Filters in the Spring framework to clean your forms. Filters will fetch all your request attributes and clean them before processing the request. Another option is to use the JSoup APIs. Visit the following links to know more.

JSoup XSS Api's

Filter approach to prevent XSS threat

EDIT:

Read OWASP sheets to know how to avoid XSS and SQL injection.

OWASP - prevention of XSS

OWASP - prevention of SQL injection

Take a look at HDIV, which integrates with Spring 3.1; it has out-of-the-box support for XSS, CSRF and data integrity checks.

Jeevan Patil
  • 6,029
  • 3
  • 33
  • 50
  • Thanks for the answer! But it still does not completely satisfy my requirement! – Kishan_KP Mar 27 '13 at 08:28
  • If you need a better & different approach than this, let me do a search for you. – Jeevan Patil Mar 27 '13 at 08:29
  • 1
    Thanks a lot for spending your valuable time answering my question! – Kishan_KP Mar 27 '13 at 10:41
  • 1
    Really liked the filter approach, thanks for answering. :) – Sidner Aug 07 '15 at 10:47
  • @JeevanPatil웃 The filter approach handles the RequestParam values. How to handle RequestBody values too? – Harshana Aug 11 '16 at 09:29
  • For the XSS filter approach above (Filter approach to prevent XSS threat), don't forget to override the getParameterMap() method in your HttpServletRequestWrapper implementation. How? The implementation is kind of similar to the one in the getParameterValues(...) method. You should sanitize each parameter value (String[] values). Why? Depending on the technology you use, getParameterMap() might be called to initialize the parameters in your controller. – Youness May 13 '21 at 17:34
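For the SQL injection half of the question, the OWASP guidance linked in the answer comes down to parameterized queries, not input filtering. The following is an added example (not code from the answer or from HDIV) showing the vulnerable concatenation beside the bound-parameter form with Spring's `JdbcTemplate`; the class `UserRepository`, the `users` table and its columns are assumptions for illustration. It also covers the one case bind parameters cannot handle, a user-chosen `ORDER BY` column, which has to be validated against an allowlist.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import javax.sql.DataSource;

import org.springframework.jdbc.core.JdbcTemplate;

/**
 * Added example (not from the original answer). Assumes a table
 * users(username, email, created_at) reachable through the given DataSource.
 */
public class UserRepository {

    private final JdbcTemplate jdbc;

    // Column names a caller is allowed to sort by; identifiers cannot be
    // bound as parameters, so an allowlist is the only safe way to accept them.
    private static final Set<String> SORTABLE_COLUMNS =
            new HashSet<>(Arrays.asList("username", "email", "created_at"));

    public UserRepository(DataSource dataSource) {
        this.jdbc = new JdbcTemplate(dataSource);
    }

    // VULNERABLE: the value is spliced into the statement text. Input such as
    //   x' OR '1'='1
    // turns the WHERE clause into a tautology. An HTML-encoding filter does
    // not help here: the single quote becomes &#39;, which silently breaks
    // legitimate names like O'Brien while other payloads (comment markers,
    // UNION, stacked statements) contain no HTML metacharacters at all.
    public List<String> findEmailsUnsafe(String username) {
        String sql = "SELECT email FROM users WHERE username = '" + username + "'";
        return jdbc.queryForList(sql, String.class);
    }

    // SAFE: the value travels as a bind parameter. The driver sends it to the
    // database separately from the SQL text, so it can never change the
    // shape of the query, whatever characters it contains.
    public List<String> findEmails(String username) {
        return jdbc.queryForList(
                "SELECT email FROM users WHERE username = ?",
                String.class,
                username);
    }

    // SAFE for an identifier: the column name is checked against a fixed
    // allowlist before it is concatenated, and anything else is rejected.
    public List<String> findEmailsSorted(String sortColumn) {
        if (!SORTABLE_COLUMNS.contains(sortColumn)) {
            throw new IllegalArgumentException("unsupported sort column");
        }
        return jdbc.queryForList(
                "SELECT email FROM users ORDER BY " + sortColumn,
                String.class);
    }
}
```

The same rule applies to JPA and Hibernate: use named or positional parameters in JPQL/HQL or the Criteria API, and never build query strings from request data. The XSS filter and the parameterized query are two independent controls for two different injection contexts; neither substitutes for the other.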