Hi!
There isn't any easy way to protect against XSS attacks and I don't
know of any Servlet containers that would offer you any solutions to
this. But there's a nice library called OWASP AntiSamy that you could
use to validate user input:
http://code.google.com/p/owaspantisamy/
If you don't

Ah, this looks interesting. So I might construct a filter that passes all
parameters through the AntiSamy object's scan method, and simply overwrite
the value of each one with the resulting getCleanHTML() method?
Is it that simple or am I missing something?
-a
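
The filter described in the reply above, sketched as an added example (not code from the thread or from the AntiSamy project). Servlet request parameters cannot be overwritten in place, so the cleaned values are served from a request wrapper. The class name `AntiSamyParamFilter`, the `policyFile` init-param, the Servlet 3.0+ `javax.servlet` API and the choice to return an empty string when a scan fails are all assumptions.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import org.owasp.validator.html.*;

// Added example: passes every request parameter through AntiSamy before the application reads it.
public class AntiSamyParamFilter implements Filter {
    private final AntiSamy antiSamy = new AntiSamy();
    private Policy policy;

    @Override public void init(FilterConfig cfg) throws ServletException {
        try { // Assumption: init-param "policyFile" names an AntiSamy policy XML inside the webapp.
            policy = Policy.getInstance(cfg.getServletContext()
                    .getResourceAsStream(cfg.getInitParameter("policyFile")));
        } catch (PolicyException e) {
            throw new ServletException("cannot load AntiSamy policy", e);
        }
    }

    @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        chain.doFilter(new CleanRequest((HttpServletRequest) req), res);
    }

    @Override public void destroy() { }
    // Wrapper that returns the getCleanHTML() result instead of the raw parameter value.
    private class CleanRequest extends HttpServletRequestWrapper {
        CleanRequest(HttpServletRequest r) { super(r); }
        private String clean(String v) {
            if (v == null) return null;
            try {
                return antiSamy.scan(v, policy).getCleanHTML();
            } catch (ScanException | PolicyException e) {
                return ""; // fail closed: never hand back a value that could not be scanned
            }
        }
        @Override public String getParameter(String n) { return clean(super.getParameter(n)); }
        @Override public String[] getParameterValues(String n) {
            String[] vals = super.getParameterValues(n);
            return vals == null ? null : Arrays.stream(vals).map(this::clean).toArray(String[]::new);
        }
        @Override public Map<String, String[]> getParameterMap() {
            Map<String, String[]> out = new HashMap<>();
            for (String n : super.getParameterMap().keySet()) out.put(n, getParameterValues(n));
            return out;
        }
    }
}
```

The wrapper only covers values read through the parameter API; headers, cookies and request bodies read from the input stream are not touched. Output written into attributes, JavaScript or URLs still needs encoding for that context when it is rendered.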