Databases
StackOverflow2013
Postsdbo
POJava website protection solutions (especially XSS)
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POJava website protection solutions (especially XSS)
    text
    copied!<p>I'm developing a web application, and facing some security problems.</p> <p>In my app users can send messages and see other's (a bulletin board like app). I'm validating all the form fields that users can send to my app.</p> <p>There are some very easy fields, like "nick name", that can be 6-10 alpabetical characters, or message sending time, which is sended to the users as a string, and then (when users ask for messages, that are "younger" or "older" than a date) I parse this with SimpleDateFormat (I'm developing in java, but my question is not related to only java).</p> <p>The big problem is the message field. I can't restrict it to only alphabetical characters (upper or lowercase), because I have to deal with some often use characters like ",',/,{,} etc... (users would not be satisfied if the system didn't allow them to use these stuff)</p> <p>According to this <a href="http://ha.ckers.org/xss.html" rel="nofollow noreferrer">http://ha.ckers.org/xss.html</a>, there are a lot of ways people can "hack" my site. But I'm wondering, is there any way I can do to prevent that? Not all, because there is no 100% protection, but I'd like a solution that can protect my site.</p> <p>I'm using servlets on the server side, and jQuery, on the client side. My app is "full" AJAX, so users open 1 JSP, then all the data is downloaded and rendered by jQuery using JSON. (yeah, I know it's not "users-without-javascript" friendly, but it's 2010, right? :-) ) I know front end validation is not enough. I'd like to use 3 layer validation: - 1. front end, javascript validate the data, then send to the server - 2. server side, the same validation, if there is anything, that shouldn't be there (because of client side javascript), I BAN the user - 3. if there is anything that I wasn't able to catch earlier, the rendering process handle and render appropriately</p> <p>Is there any "out of the box" solution, especially for java? Or other solution that I can use?</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload