Help: How to avoid CSS attacks in Struts2

Hi All,
Does anyone here have any idea how to do content encoding in Struts by simply changing only struts.xml?

If anyone knows how to display as it is in JSP pages from the database, that will also work.

It's urgent guys!!! Please help..

Replies

  • shalini_goel14
    More specific: CSS attacks are cross-site scripting attacks. If I have an HTML page with the following code:
    [CODE ]
    [ /CODE ]

    OUTPUT: It displays an alert box with Message("Hi") in it instead of actually displaying the text in a table.

    Anyone has any idea how to avoid it???
  • shalini_goel14
    Hi All,

    I got the solution for this.

    FYI,
    No need to change anything in the struts.xml file, tag of Struts2 automatically prevents CSS attacks. Just replace your expression language with tag in your JSP page.
    Ex. If I have used ${employeeName} in my JSP page, replace it with . It works.

    My problem is solved. Thanks to those who tried :smile:.

    But the following is still unsolved?? Give this a try:

    More specific: CSS attacks are cross-site scripting attacks. If I have an HTML page with the following code:

    OUTPUT: It displays an alert box with Message("Hi") in it instead of actually displaying the text in a table.

    Anyone has any idea how to avoid it???
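
Added example, not part of the thread and not code from any poster: the same value rendered unescaped and escaped in a Struts 2 JSP, plus the static-HTML case from the open question. It assumes the tag whose name was stripped from the post above is Struts 2's `<s:property>`, that the action exposes a String property `employeeName`, and uses a constructed sample value.

```jsp
<%-- Added example. Assumes the action exposes a String property employeeName. --%>
<%@ taglib prefix="s"  uri="/struts-tags" %>
<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>

<%-- Constructed sample value of employeeName as read from the database:
       <script>alert("Hi")</script>
--%>
<table>
  <tr>
    <%-- Unescaped: plain EL writes the value verbatim, so the browser
         receives a real script element and runs it (the alert box). --%>
    <td>${employeeName}</td>
  </tr>
  <tr>
    <%-- Escaped by default: the browser receives
         &lt;script&gt;alert(&quot;Hi&quot;)&lt;/script&gt;
         and shows it as text inside the cell. --%>
    <td><s:property value="employeeName"/></td>
  </tr>
  <tr>
    <%-- JSTL alternatives that also HTML-escape the value. --%>
    <td><c:out value="${employeeName}"/></td>
    <td>${fn:escapeXml(employeeName)}</td>
  </tr>
  <tr>
    <%-- Same Struts tag with escaping switched off (the attribute is named
         escape in Struts 2.0.x): behaves like plain EL again. --%>
    <td><s:property value="employeeName" escapeHtml="false"/></td>
  </tr>
  <tr>
    <%-- Hand-written static HTML has no tag to escape for you: markup that
         should appear as text has to be typed as entities. --%>
    <td>&lt;script&gt;alert("Hi")&lt;/script&gt;</td>
  </tr>
</table>
```

This escaping covers HTML element content only; a value written into a script block or a URL attribute needs encoding for that context instead.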
  • Kaustubh Katdare
    Shalini - thanks for sharing the answer. Moving the thread to CS section.
  • shalini_goel14
    Oops !! 😳 .
    Replace , with in previous mail to view properly
  • Kaustubh Katdare
    There is an option to 'disable smilies' in advance editing mode 😀
  • shalini_goel14
    Oh.. Thanks for the info, I was not aware of it. I will take care of it in future. 😀

You are reading an archived discussion.
