I'd be more inclined towards a filter here, preferably close to the top of the chain... my thought is it's better to deal with things like that as soon as possible because there's less chance of something exploitable down the pipe. We have a cross-site scripting filter in our standard security stack at work for precisely that reason. I realize you're not stating security as your concern, but I think the argument would be very much the same... might not be an exploit you're too worried about, but an exception thrown that breaks the app for the user isn't much better :)

Frank

--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
AIM/Yahoo: fzammetti
MSN: [EMAIL PROTECTED]
Author of "Practical Ajax Projects With Java Technology"
 (2006, Apress, ISBN 1-59059-695-1)
and "JavaScript, DOM Scripting and Ajax Projects"
 (2007, Apress, ISBN 1-59059-816-4)
Java Web Parts - http://javawebparts.sourceforge.net
 Supplying the wheel, so you don't have to reinvent it!

Toni Lyytikäinen wrote:
You could just override the string conversion in xwork:

http://struts.apache.org/2.x/docs/type-conversion.html

define something like this in xwork-conversion.properties

java.lang.String=org.example.MyConverter

Then create a class MyConverter that extends the XWorkBasicConverter and
override the behaviour of the convertValue method in the case of string to
string conversion.

I'm not sure if this is actually a good way, but it's easy enough and with
simple configuration it works everywhere in your webapp.

On 8/23/07, Ian Roughley <[EMAIL PROTECTED]> wrote:
This is a good approach.  In fact, you might start with the params
interceptor - as it is responsible for assigning data to the action, and
all that is needed is to sanitize before assignment.

/Ian

Richard Sayre wrote:
I was wondering what the best approach would be for taking form data
passed to an Action and removing 'special characters' from the data.
I am having issues with users pasting text from word docs etc.  We
only support ISO-8859-1 as of now and there are some characters that
Word will replace such as ' and " with characters that are outside the
8859-1 character set.

I was thinking about an interceptor that would sanitize the request
parameters before they are passed to the action.  Is this a good
approach?  Can anyone suggest a better one?  It does not matter if it
uses Struts or not.

Thank you

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
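
The sanitizing step discussed in this thread, as an added example that is not code from any of the posters or from Struts: it maps common Word punctuation to ISO-8859-1 equivalents and replaces anything else the charset cannot encode. The class name `Latin1Sanitizer`, the replacement table and the `?` placeholder are assumptions; a servlet filter or the params interceptor would call `sanitize(Map)` on the request's parameter map before values are assigned to the action.

```java
import java.nio.charset.CharsetEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

public class Latin1Sanitizer {
    // Assumed table: Word "smart" punctuation and an ISO-8859-1 substitute for each.
    private static final Map<Character, String> REPLACEMENTS = new LinkedHashMap<>();
    static {
        REPLACEMENTS.put('\u2018', "'");    // left single quotation mark
        REPLACEMENTS.put('\u2019', "'");    // right single quotation mark
        REPLACEMENTS.put('\u201C', "\"");   // left double quotation mark
        REPLACEMENTS.put('\u201D', "\"");   // right double quotation mark
        REPLACEMENTS.put('\u2013', "-");    // en dash
        REPLACEMENTS.put('\u2014', "-");    // em dash
        REPLACEMENTS.put('\u2026', "...");  // horizontal ellipsis
    }

    // Returns a string in which every character is encodable as ISO-8859-1.
    public static String sanitize(String in) {
        if (in == null) return null;
        CharsetEncoder latin1 = StandardCharsets.ISO_8859_1.newEncoder();
        StringBuilder out = new StringBuilder(in.length());
        for (int i = 0; i < in.length(); ) {
            int cp = in.codePointAt(i);      // walk by code point so surrogate pairs stay together
            i += Character.charCount(cp);
            String mapped = cp <= 0xFFFF ? REPLACEMENTS.get((char) cp) : null;
            if (mapped != null) out.append(mapped);
            else if (cp <= 0xFFFF && latin1.canEncode((char) cp)) out.append((char) cp);
            else out.append('?');            // one placeholder per unencodable code point
        }
        return out.toString();
    }

    // Sanitizes a copy of a request-style parameter map (name -> values).
    public static Map<String, String[]> sanitize(Map<String, String[]> params) {
        Map<String, String[]> clean = new LinkedHashMap<>();
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            String[] values = e.getValue().clone();
            for (int i = 0; i < values.length; i++) values[i] = sanitize(values[i]);
            clean.put(e.getKey(), values);
        }
        return clean;
    }

    public static void main(String[] args) {
        // Constructed sample: smart quotes, en dash, e-acute (kept), euro sign and emoji (replaced).
        String pasted = "\u201CIt\u2019s fine\u201D \u2013 caf\u00E9 \u20AC5 \uD83D\uDE00";
        System.out.println(sanitize(pasted));
    }
}
```

This only makes parameter values representable in ISO-8859-1; it does not escape HTML, so it does not stand in for the cross-site scripting filter mentioned in the first reply.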

