Re: Dealing with XSS in struts

2004-05-06 Thread jeff mutonho
-Original Message- >>From: Craig McClanahan [mailto:[EMAIL PROTECTED] >>Sent: Wednesday, May 05, 2004 9:47 AM >>To: Struts Users Mailing List >>Subject: Re: Dealing with XSS in struts >> >> >>jeff mutonho wrote: >> >> >> &

RE: Dealing with XSS in struts

2004-05-05 Thread Van Riper, Mike
> -Original Message- > From: Craig McClanahan [mailto:[EMAIL PROTECTED] > Sent: Wednesday, May 05, 2004 11:01 AM > To: Struts Users Mailing List > Subject: Re: Dealing with XSS in struts > > > Van Riper, Mike wrote: > > >>-Original Message

Re: Dealing with XSS in struts

2004-05-05 Thread Craig McClanahan
Van Riper, Mike wrote: -Original Message- From: Craig McClanahan [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 05, 2004 9:47 AM To: Struts Users Mailing List Subject: Re: Dealing with XSS in struts jeff mutonho wrote: Hi What are the recommendations to deal with cross-site

RE: Dealing with XSS in struts

2004-05-05 Thread Van Riper, Mike
> -Original Message- > From: Craig McClanahan [mailto:[EMAIL PROTECTED] > Sent: Wednesday, May 05, 2004 9:47 AM > To: Struts Users Mailing List > Subject: Re: Dealing with XSS in struts > > > jeff mutonho wrote: > > >Hi > >What are the

Re: Dealing with XSS in struts

2004-05-05 Thread Craig McClanahan
jeff mutonho wrote: Hi What are the recommendations to deal with cross-site scripting in struts? I've got an app that a user can access at a URL, let's call it http://localhost/myapplication, now doing something like http://localhost/myapplication/applicationInit.do?mode=alert(document.cookie)

RE: Dealing with XSS in struts

2004-05-05 Thread Van Riper, Mike
Jeff, The way that I solved this was to implement my own subclass of the TilesRequestProcessor (because we use Tiles) and then specify that request processor in the controller element of the struts config file. In this subclass, I override processValidate() and in my override I wrap the incoming r