
I am new to JSF. I am creating a web application, and to prevent XSS attacks I wrote a filter; this filter scans each request parameter and header and removes any suspicious code that might attack.
I created one custom JSF required validator. Now when I pass any XSS input, e.g. `Test <script>`, the JSF validation is not getting called, and if I pass any valid value like `Test`, the validation is getting called.
I tried to find an answer on Google and also tried searching existing questions for an answer, but couldn't get any success.

Can anyone please help me to solve this issue?

Kukeltje
  • Please start by reading https://stackoverflow.com/questions/7722159/csrf-xss-and-sql-injection-attack-prevention-in-jsf – Kukeltje Feb 28 '19 at 13:19
  • Thanks Kukeltje. The question is not about XSS, I've already implemented XSS prevention; the question is about JSF validation. – K. Kathiriya Mar 01 '19 at 09:37
  • Yes, I know, but there is no need to implement a filter for XSS since JSF has that built-in... That was the reason I posted the link, so your second problem might not occur if you don't implement the filter but leave it up to JSF (JSF is cool). If you do want to get this fixed, you'd have two pieces of effectively superfluous workarounds. And no, no one can help with this problem since the filter code is not in your Q, nor is the JSF xhtml/bean etc... – Kukeltje Mar 01 '19 at 10:12

0 Answers