2014-11-19 4:57 GMT+01:00 JOSE L MARTINEZ-AVIAL <jlm...@gmail.com>: > Hello, > We are using Struts 2.3.16.3 for our application. Due to security > reasons, we need to "clean" the user's input in order to avoid XSS. We are > using JSoup for that, with success( > http://jsoup.org/cookbook/cleaning-html/whitelist-sanitizer). > > The issues is that we haven't find a really good way to integrate it with > Struts. Basically we need to pass every String parameter through JSoup to > sanitize it, and right now we are doing it manully on the execute method of > the action, after the parameters have been loaded in the action and > validated. We would like to do it automatically when the parametes are set > in the action. In the normal actions we can do it in the getter, but some > actions have java beans for parameters, and we don't want to integrate the > Jsoup call in the bean methods. Any suggestions about how to do this?
You can override ParametersInterceptor's retrieveParameters(ActionContext ac) method and then build your custom stack. Or you can develop custom interceptor and put it on the top of your stack and do ActionContext.get/setParameters() in intercept() method. Regards -- Ćukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
