Hi
What are the recommendations to deal with cross-site scripting in struts?
I'm got an app that a use can access at a URL , let's call it
http://localhost/myapplication , now doing something like
http://localhost/myapplication/applicationInit.do?mode=<script>alert(document.cookie)</script>
reveals a pop-up box containing the currently set cookies.
How can I block that from happening?Is there a way of encoding a form bean?Please help
as this is critical to the app.
jeff mutonho
---------------------------------
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs
