Announcement Announcement Module
Collapse
No announcement yet.
Putting XSS Filter and CharacterEncodingFilter together Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Putting XSS Filter and CharacterEncodingFilter together

    Hi All,

    I had already written a XSS Filter to reject invalid input. But my application can still send invalid character/script to the browser. I want to prevent these in response object also. For that I think I can use CharacterEncodingFilter (correct me if I am wrong).

    My web.xml already have:
    Code:
    <!-- URLRewrite Filter -->
    	<filter-name>xssFilter</filter-name>
    		<filter-class>com.anjib.filter.XssFilter</filter-class>
    	</filter>
    	<filter-mapping>
    		<filter-name>xssFilter</filter-name>
    		<url-pattern>/*</url-pattern>
    	</filter-mapping>
    How can I give specify another filter with same url pattern without conflicting?

    Thanks

  • #2
    By simply adding it... You can have as many filters on the same pattern as you like...

    Comment


    • #3
      Does CharacterEncodingFilter convert "<" to "&lt;". I am trying to put filter to do so for the response going from server to browser.

      Comment


      • #4
        No... It enforces/set a character encoding (the scheme) it doesn't convert characters...

        Also why are you building your own there are already security filters out there (like HDIV for instance) ... Which offer what you want.

        Comment

        Working...
        X