I had this big post about how you didn't tell us if you knew what an XSS attack was and an explanation about the nuts and bolts of one. But I really think it is your responsibility to research how an XSS attack really works, even attack your own project to help get into the mind of a hacker. You could also attend some seminars or training on how to do it.
But basically, you should escape any user input before it is displayed back to the browser and I have found that the java/jstl/core tags do just fine in this regard.
Your post is so vague that I think most people will not want to reply because it is too much work to explain this stuff in a forum. You really need to be trained on this kind of stuff.
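The output escaping recommended in the post above, shown as an added example that is not part of the original thread: a JSP fragment contrasting raw EL output with the JSTL core tag. The page itself, the `comment` request parameter and the `trustedHtml` attribute are hypothetical names chosen for illustration.

```jsp
<%@ page contentType="text/html;charset=UTF-8" %>
<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%-- Constructed sample page. "comment" is a hypothetical request parameter
     that holds user-supplied text, for example: "><b>hello</b> --%>
<html>
<body>

  <%-- UNSAFE: EL in template text is written to the response as-is.
       JSP 2.x does not escape ${...}, so any markup in the parameter
       is interpreted by the browser. --%>
  <p>Unescaped: ${param.comment}</p>

  <%-- SAFE in HTML body context: c:out defaults to escapeXml="true" and
       rewrites < > & ' " as character entities, so the value is shown
       as text instead of being parsed as markup. --%>
  <p>Escaped: <c:out value="${param.comment}"/></p>

  <%-- SAFE in a quoted attribute: fn:escapeXml applies the same escaping
       inside an EL expression. The attribute value must stay quoted,
       otherwise a space in the input is enough to start a new attribute. --%>
  <input type="text" name="comment" value="${fn:escapeXml(param.comment)}"/>

  <%-- escapeXml="false" switches the protection off. Reserve it for markup
       the application generated itself ("trustedHtml" is a hypothetical
       request attribute), never for request parameters. --%>
  <div><c:out value="${trustedHtml}" escapeXml="false"/></div>

  <%-- Entity escaping covers HTML text and quoted attribute values only.
       Values placed inside <script> blocks, event handlers or URLs need
       escaping for that context instead. --%>

</body>
</html>
```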
I think XSS protection is actually one of those parts of a Web Framework that should not be optional but a "must have it". I cannot understand why I could not find a straight explanation in a simple tutorial as to how to get protected against XSS attacks in Spring Framework. Having worked before with other frameworks, I understand the importance of having this issue resolved from the Framework side.
I have included a full example using a couple of open source classes in my SpringMVC tutorial "CoC or Convention over Configuration in Spring MVC Framework" which you can find at "code dot google dot com slash p slash nestorurquiza slash wiki slash SpringMVCTutorial" (Can't post URLs in this forum)
I am sure Spring will ship sooner or later with XSS protection. Any rapid development framework out there has it or provides a straight solution for it.
I actually think hindustani_ind's question is pretty clear and should be part of Spring MVC FAQ.