Spring MVC resolution for HTML tampering?

  • Spring MVC resolution for HTML tampering?

    Is there any out-of-the-box solution or feature in Spring MVC which can help to prevent an HTML tampering attack? If not, could one describe a sound strategy to implement it?

    Tnx

  • #2
    You might find http://forum.springframework.org/showthread.php?t=10911 useful.
    Last edited by robyn; May 16th, 2006, 05:04 AM.



    • #3
      and this one: http://forum.springframework.org/showthread.php?t=10820
      Last edited by robyn; May 16th, 2006, 05:03 AM.



      • #4
        Good link Darren - I think yours is more relevant. For more info, have a look at the JavaDoc for the class DataBinder, and its method setAllowedFields.



        • #5
          Thank you all for your answers, but there is one more problem with the allowedFields property in DataBinder. Specifically, one can't react in the controller if non-allowed fields are submitted. All you can do is look at the warning log entry produced by DataBinder. There really should be an option to remember the non-allowed fields so that you can implement some logic (like session invalidation and/or logout) in the controller when non-allowed fields are submitted.

          I raised a JIRA issue about that, so you can vote for it.

          Damir

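The allowed-fields whitelist discussed in this thread, shown as an added example that is not part of any post above and is not Spring's own code: a request carries one field the form never rendered, the binder drops it, and the caller inspects which fields were dropped. It assumes a Spring version whose `BindingResult` provides `getSuppressedFields()`; `AccountForm`, its fields and the submitted values are hypothetical and constructed for the illustration.

```java
import java.util.Arrays;
import org.springframework.beans.MutablePropertyValues;
import org.springframework.validation.DataBinder;

public class AllowedFieldsDemo {

    // Hypothetical form-backing bean: "admin" must never be settable from a request.
    public static class AccountForm {
        private String displayName;
        private String email;
        private boolean admin;
        public String getDisplayName() { return displayName; }
        public void setDisplayName(String displayName) { this.displayName = displayName; }
        public String getEmail() { return email; }
        public void setEmail(String email) { this.email = email; }
        public boolean isAdmin() { return admin; }
        public void setAdmin(boolean admin) { this.admin = admin; }
    }

    // Binds only whitelisted fields and returns the names of the fields the binder dropped.
    static String[] bindAndReport(AccountForm form, MutablePropertyValues submitted) {
        DataBinder binder = new DataBinder(form, "accountForm");
        binder.setAllowedFields(new String[] {"displayName", "email"});
        binder.bind(submitted);
        return binder.getBindingResult().getSuppressedFields();
    }

    public static void main(String[] args) {
        // Constructed submission: the rendered form has two inputs, the request carries a third.
        MutablePropertyValues submitted = new MutablePropertyValues();
        submitted.addPropertyValue("displayName", "Alice");
        submitted.addPropertyValue("email", "alice@example.org");
        submitted.addPropertyValue("admin", "true");

        AccountForm form = new AccountForm();
        String[] suppressed = bindAndReport(form, submitted);

        System.out.println("admin after bind: " + form.isAdmin());
        System.out.println("suppressed fields: " + Arrays.toString(suppressed));
        if (suppressed.length > 0) {
            // A controller would reject the request here, for example by
            // invalidating the session, which is the reaction post #5 asks for.
            System.out.println("rejecting request: unexpected fields submitted");
        }
    }
}
```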