0

I studied this forum http://greatwebguy.com/programming/java/simple-cross-site-scripting-xss-servlet-filter/

works perfect except for Mutipart request .. I did some research on google and Found that things are working on servelet 3.0 and their is some MutipartRequest class which again is unavailable in the servelet API I am using ... do anyone have any Idea on how I can write filter to omit XSS .

I know what is the right way of doing it i.e using jstl tag libraries using c:out ... but I just need to stop it to get stored in database using the Filter ...Any one with any idea on same.

ManMohan Vyas
  • 4,004
  • 4
  • 27
  • 40
  • You could use the [Apache Commons FileUpload](http://commons.apache.org/proper/commons-fileupload/) library to handle multipart requests. By the way, using JSTL tags helps you to clean your site from XSS when the data comes from the server (database or another source) and is displayed in the view, not when you're sending data from client to server. – Luiggi Mendoza May 23 '13 at 19:43
  • By the way, there are frameworks like JSF that [already handles XSS attacks](http://stackoverflow.com/q/7722159/1065197). No need to reinvent the wheel. Just find a framework or set of libraries that can help you to do this instead of building it by yourself (and spending three or more times testing it). – Luiggi Mendoza May 23 '13 at 19:45
  • thanks a lot for your comments .. but what you said I know already ... and I am working on some legacy code that dosen't use such advanced frameworks.Using jstl now accross the application is two months of task, can't be done for now... Apache Commons ..allows me to get multipart form request ..but dosen't exposes the API to modify the values (this is what I got to know with little R & D) .. – ManMohan Vyas May 24 '13 at 05:10

0 Answers0