
Help: How to avoid CSS attacks in Struts2

Question asked by shalini_goel14 in #Coffee Room on Nov 26, 2008
shalini_goel14 · Nov 26, 2008
Rank A3 - PRO
Hi All,
Does anyone here have any idea of how to do content-encoding in Struts by simply changing only struts.xml?

If anyone knows how to display <script>alert(*some message*)</script> as it is in JSP pages from the database, that will also work.

It's urgent, guys!!! Please help.
shalini_goel14 · Nov 27, 2008
Rank A3 - PRO
More specific: CSS attacks are cross-site scripting attacks. If I have an HTML page with the following code:
[CODE ]















[ /CODE ]

OUTPUT: It displays an alert box with Message("Hi") in it instead of actually displaying the text in a table.

Does anyone have any idea how to avoid it???
shalini_goel14 · Nov 27, 2008
Rank A3 - PRO
Does anyone here have any idea of how to do content-encoding in Struts by simply changing only struts.xml?
Hi All,

I got the solution for this.

FYI,
No need to change anything in the struts.xml file, tag of Struts2 automatically prevents CSS attacks. Just replace your expression language with tag in your JSP page.
Ex. If I use ${employeeName} in my JSP page, replace it with . It works.

My problem is solved. Thanks to those who tried :smile:.

But the following is still unsolved?? Give this a try:

More specific: CSS attacks are cross-site scripting attacks. If I have an HTML page with the following code:






OUTPUT: It displays an alert box with Message("Hi") in it instead of actually displaying the text in a table.

Does anyone have any idea how to avoid it???
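
The fix described in the post above, as an added example that is not part of the original thread. It assumes the tag meant is Struts2's `<s:property>`, that the action exposes a hypothetical `employeeName` property, and that the database value is the constructed string shown in the comment; the JSTL `c:out` and `fn:escapeXml` forms are standard equivalents.

```jsp
<%@ page contentType="text/html; charset=UTF-8" %>
<%@ taglib prefix="s"  uri="/struts-tags" %>
<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%-- Assumption: the action behind this page has getEmployeeName(), and the
     database row holds the constructed value  <script>alert("Hi")</script>  --%>
<table>
  <tr>
    <th>Raw EL (unsafe)</th>
    <%-- Written verbatim: the browser parses a script element and runs it,
         so the alert box appears instead of the text. --%>
    <td>${employeeName}</td>
  </tr>
  <tr>
    <th>Struts2 tag</th>
    <%-- HTML-escaped by default: the angle brackets are emitted as
         &lt; and &gt;, so the text is shown in the cell and nothing runs. --%>
    <td><s:property value="employeeName"/></td>
  </tr>
  <tr>
    <th>JSTL tag</th>
    <%-- escapeXml defaults to true: < > & " ' become character entities. --%>
    <td><c:out value="${employeeName}"/></td>
  </tr>
  <tr>
    <th>JSTL function</th>
    <%-- Same escaping as c:out, usable where a tag cannot be nested. --%>
    <td>${fn:escapeXml(employeeName)}</td>
  </tr>
  <tr>
    <th>Quoted attribute</th>
    <%-- Quote characters are escaped too, so the value cannot close the
         attribute; the attribute itself must stay quoted. --%>
    <td><input type="text" name="employeeName"
               value="${fn:escapeXml(employeeName)}"/></td>
  </tr>
</table>
```

HTML escaping covers element bodies and quoted attributes; a value written into an inline script block or an event-handler attribute needs JavaScript-context encoding instead.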
Kaustubh Katdare · Nov 27, 2008
Rank A1 - PRO
Shalini - thanks for sharing the answer. Moving the thread to CS section.
shalini_goel14 · Nov 27, 2008
Rank A3 - PRO
shalini_goel14
Hi All,

I got the solution for this.

FYI,
No need to change anything in the struts.xml file, tag of Struts2 automatically prevents CSS attacks. Just replace your expression language with tag in your JSP page.
Ex. If I use ${employeeName} in my JSP page, replace it with . It works.

My problem is solved. Thanks to those who tried :smile:.

But the following is still unsolved?? Give this a try:

Oops!! 😳
Replace , with in previous mail to view properly
Kaustubh Katdare · Nov 27, 2008
Rank A1 - PRO
There is an option to 'disable smilies' in advance editing mode 😀
shalini_goel14 · Nov 27, 2008
Rank A3 - PRO
Oh.. Thanks for the info, I was not aware of it. I will take care of it in future. 😀
