Tuesday, December 23, 2014

Spring : How to escape HTML in all the pages of your application

 
 
In Spring we can escape HTML in all JSP pages generated by < form > tags.
 
 
For entire application put below lines in your web.xml
 

<context-param>
    <param-name>defaultHtmlEscape</param-name>
    <param-value>true</param-value>
</context-param>
 
 
For more details see the below stackoverflow thread
 
http://stackoverflow.com/questions/2147958/how-do-i-prevent-people-from-doing-xss-in-java

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)