CrazyEngineers
  • Hi All,
    Is anyone here having any idea of how to do content-encoding in Struts by simply changing only struts.xml?

    If anyone knows how to display as it is in JSP pages from the database, that will also work.

    It's urgent guys!!! Please help.
Replies
  • shalini_goel14

    Member, Nov 26, 2008

    More specific: CSS attacks are cross-site scripting attacks. If I have an HTML page with the following code:
    [CODE]

    <html>
    <head>
    <META http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title></title>
    </head>
    <body>
    <table>
    <tr>
    <td><script>alert("Hi");</script></td>
    </tr>
    </table>
    </body>
    </html>

    [/CODE]

    OUTPUT: It displays an alert box with Message("Hi") in it instead of actually displaying the text in a table.

    Anyone has any idea how to avoid it???
  • shalini_goel14

    Member, Nov 27, 2008

    Is anyone here having any idea of how to do content-encoding in Struts by simply changing only struts.xml?
    Hi All,

    I got the solution for this.

    FYI,
    No need of changing anything in struts.xml file, <s:property> tag of Struts2 automatically prevents CSS attacks. Just replace your expression language with <s:property> tag in your JSP page.
    Ex. If I have used ${employeeName} in my JSP page, replace it with <s:property value="employeeName"/>. It works.

    My problem is solved. Thanks for those who tried :smile:.

    But still following is unsolved?? Give a try for this:

    More specific: CSS attacks are cross-site scripting attacks. If I have an HTML page with the following code:
    [CODE]

    <html>
    <head>
    <META http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title></title>
    </head>
    <body>
    <table>
    <tr>
    <td><script>alert("Hi");</script></td>
    </tr>
    </table>
    </body>
    </html>

    [/CODE]

    OUTPUT: It displays an alert box with Message("Hi") in it instead of actually displaying the text in a table.

    Anyone has any idea how to avoid it???
  • Kaustubh Katdare

    Administrator, Nov 27, 2008

    Shalini - thanks for sharing the answer. Moving the thread to CS section.
  • shalini_goel14

    Member, Nov 27, 2008

    shalini_goel14
    Hi All,

    I got the solution for this.

    FYI,
    No need of changing anything in struts.xml file,<s😛roperty> tag of struts2 automatically prevents CSS attacks.Just replace your expression language with <s😛roperty> tag in your jsp page.
    Ex. If I have use ${employeeName} in my jsp page ,replace it with <s😛roperty value="employeeName"/> .It works

    My problem is solved.Thanks for those who tried :smile:.

    But still following is unsolved?? Give a try for this:

    Oops !! 😳 .
    Replace ,<s😛roperty> with <s: property> in previous mail to view properly
  • Kaustubh Katdare

    Administrator, Nov 27, 2008

    There is an option to 'disable smilies' in advance editing mode 😀
  • shalini_goel14

    Member, Nov 27, 2008

    Oh... Thanks for the info, I was not aware of it. I will take care of it in future. 😀