Collaborate Disseminate
Expected result
JSP shows string properly and does not activate injections
Actual result
JSP taglib tag activates js
Tried
<c:out value=”<tagobject:labelName/>” />
<c:out value=”${fn:escapeXml(tagobject:la… Continue reading Stored XSS. JSP. taglib tag
I’ve a form with the input:
<html:text name=”grupo” maxlength=”15″ property=”name” size=”20″ alt=”Nombre del grupo” />
And when submit the form, i call the JavaScript Function:
function validate(theForm){
var value… Continue reading I need to know if my application is safe from XSS attacks [on hold]
I have an application that executes under Tomcat 7, developed with Struts (Java Web Framework). My application contains a security vulnerability (XSS Cross-site scripting).
What kind of XSS vulnerability is it ?
Persistent (or stored)
… Continue reading How to prevent persistent XSS vulnerability with the Java Struts 1 Framework?
I have a JSP page where the HTML title is pulled from a GET parameter title:
<title>${title}</title>
Obviously, this allows for XSS attacks. If I follow the answer given on this page and try the solutions
<… Continue reading Solutions from StackOverflow to prevent XSS in JSP pages don’t work
I noticed OWASP ESAPI hasn’t been updated in a while (minor update in 2016, and before 2013). Are there better alternatives to using it i.e. using a more maintained framework’s utilities for say escaping and validating user i… Continue reading Is OWASP ESAPI still the recommended way to secure JSP pages