XSS is part of a wider class of attacks (like SQL injection) that are more *output* problems than input problems. There are solutions in the JSP world for escaping content in HTML/XML contexts, just as there are solutions for protecting queries from user-supplied data in the SQL world.
On Tue, Oct 14, 2014 at 3:53 PM, Adam Stokar <ajsto...@gmail.com> wrote: > Hi everyone, > > Does Stripes have an easy way to remove HTML from user input to prevent XSS > attacks? I've googled with no success. > > Thanks, > > ------------------------------------------------------------------------------ > Comprehensive Server Monitoring with Site24x7. > Monitor 10 servers for $9/Month. > Get alerted through email, SMS, voice calls or mobile push notifications. > Take corrective actions from your mobile device. > http://p.sf.net/sfu/Zoho > _______________________________________________ > Stripes-users mailing list > Stripes-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/stripes-users > -- Turtle, turtle, on the ground, Pink and shiny, turn around. ------------------------------------------------------------------------------ Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho _______________________________________________ Stripes-users mailing list Stripes-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/stripes-users
