shalini_goel14 • Nov 26, 2008

Help: How to avoid CSS attacks in Struts 2

Hi All,
Does anyone here have any idea how to do content-encoding in Struts by simply changing only struts.xml?

If anyone knows how to display as it is in JSP pages from the database, that will also work.

It's urgent, guys!!! Please help.
shalini_goel14 • Nov 27, 2008
More specific: CSS attacks are cross-site scripting attacks. If I have an HTML page with the following code:
[CODE ]















[ /CODE ]

OUTPUT: It displays an alert box with Message("Hi") in it instead of actually displaying the text in a table.

Does anyone have any idea how to avoid it???
shalini_goel14 • Nov 27, 2008
Does anyone here have any idea how to do content-encoding in Struts by simply changing only struts.xml?
Hi All,

I got the solution for this.

FYI,
No need to change anything in the struts.xml file, tag of Struts 2 automatically prevents CSS attacks. Just replace your expression language with tag in your JSP page.
Ex. If I have used ${employeeName} in my JSP page, replace it with . It works.

My problem is solved. Thanks to those who tried :smile:.

But the following is still unsolved?? Give this a try:

More specific: CSS attacks are cross-site scripting attacks. If I have an HTML page with the following code:






OUTPUT: It displays an alert box with Message("Hi") in it instead of actually displaying the text in a table.

Does anyone have any idea how to avoid it???
Kaustubh Katdare • Nov 27, 2008
Shalini - thanks for sharing the answer. Moving the thread to CS section.
shalini_goel14 • Nov 27, 2008
shalini_goel14
Hi All,

I got the solution for this.

FYI,
No need to change anything in the struts.xml file, tag of Struts 2 automatically prevents CSS attacks. Just replace your expression language with tag in your JSP page.
Ex. If I have used ${employeeName} in my JSP page, replace it with . It works.

My problem is solved. Thanks to those who tried :smile:.

But the following is still unsolved?? Give this a try:

Oops!! 😳
Replace , with in previous mail to view properly
Kaustubh Katdare • Nov 27, 2008
There is an option to 'disable smilies' in advance editing mode 😀
shalini_goel14 • Nov 27, 2008
Oh, thanks for the info. I was not aware of it. I will take care of it in future. 😀
