|
This is a Java servlet filter (as per Servlet API 2.3). This filter lets you deal with Cross Site Scripting (XSS) attempts. Filter intercepts every request sent to your web application and then cleans any potential script injection. What it basically does is remove all suspicious strings from request parameters (and headers) before returning them to the application. How to use it: a) download xssflt.jar and save it in WEB-INF/lib b) describe this filter in web.xml. An optional initial parameter apostrophe lets you define the replacement code for
apostrophe (') sign. By default it is '.
<filter> <filter-name>XSSFilter</filter-name> <filter-class>com.cj.xss.XSSFilter</filter-class> </filter> d) describe a mapping for this filter in web.xml. E.g.:
<filter-mapping> <filter-name>XSSFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> in this example filter will be on for the each file. For downloading: XSS package: xssflt.jar
See also JSOS - the largest collection of servlets and filters.
|
Also in JSOS:
|