Hey egetchell,
        Don't know whether that's your name, but anyway.
I don't know if this is the solution you are looking for
        <field name="nameOfTheField">
                <field-validator type="typeOfValidator">
                        <message key="error.validation.regexp"/>
                </field-validator>
        </field>

Now you need to map the validator.
Put a validators.xml in the resources folder, the same folder where
struts.xml exists.


<validators>
    <validator name="typeOfValidator" class="package.ClassName"/>
</validators>

ClassName should extend RegexFieldValidator.
Override the validate method and do whatever you want there. This should work.

Regards,

Jishnu Viswanath

Software Engineer

Tavant Technologies Inc.,


-----Original Message-----
From: egetchell [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 07, 2008 8:02 PM
To: user@struts.apache.org
Subject: Re: Using POSIX Regular Expressions for Internationalized Validation


Greg,

Thanks for the reply.

The common approach for mitigating XSS is to provide a blacklist of
XSS-enabling characters; examples would include "<", ">", "%3f", etc.
However, these filters are easily bypassed by clever encoding constructs,
so the blacklist concept quickly fails and the site is open for attack.

By inverting the solution and supplying only the allowed set of characters,
the site remains secure no matter what clever encoding scheme someone dreams
up.

The OWASP group provides some pretty extensive documentation around this.
Here is a direct link to some common validation strategies:
http://www.owasp.org/index.php/Data_Validation#Data_Validation_Strategies

Their document, as a whole, is a very interesting read.


Greg Lindholm wrote:
> 
> Sorry, I've never heard of whitelisting of allowable characters as being a
> "normal" approach. <Remainder Removed>
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
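
An added example, not part of the original thread and not Struts code: the allow-list check that an overridden validate method could apply to a field value, written in plain Java so it runs with the JDK alone. The class name, the allowed character set for a name field, and the sample inputs are assumptions made for illustration.

```java
import java.text.Normalizer;
import java.util.regex.Pattern;

// Added example (not from the thread). The allowed set below (letters, digits,
// space, period, apostrophe, hyphen; 1-64 chars) is an assumed policy for a name field.
public class AllowListCheck {

    // Java's POSIX classes (\p{Alpha}, \p{Digit}) match US-ASCII only by default.
    static final Pattern ASCII_ONLY =
            Pattern.compile("[\\p{Alpha}\\p{Digit} .'-]{1,64}");

    // UNICODE_CHARACTER_CLASS (Java 7+) makes the same classes Unicode-aware.
    static final Pattern UNICODE =
            Pattern.compile("[\\p{Alpha}\\p{Digit} .'-]{1,64}",
                    Pattern.UNICODE_CHARACTER_CLASS);

    // The check a custom validator would run on the submitted field value.
    static boolean isAllowed(Pattern allowList, String raw) {
        if (raw == null) {
            return false;
        }
        // Compose first so "e" + combining accent is judged as one letter.
        String value = Normalizer.normalize(raw, Normalizer.Form.NFC);
        // matches() anchors the whole input; find() would accept a valid substring.
        return allowList.matcher(value).matches();
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = {
            "Anne O'Neil-Smith",          // ASCII name
            "Jos\u00e9 M\u00fcller",      // precomposed accented letters
            "Jose\u0301",                 // decomposed accent (NFD form)
            "\u5c71\u7530\u592a\u90ce",   // Han characters
            "<b>bold</b>",                // markup characters
            "%3Cb%3E",                    // URL-encoded markup
            ""                            // empty value
        };
        for (String s : samples) {
            System.out.printf("%-20s ascii=%-5b unicode=%b%n",
                    s, isAllowed(ASCII_ONLY, s), isAllowed(UNICODE, s));
        }
    }
}
```

Because "<", ">" and "%" are simply absent from the allowed set, both the raw and the URL-encoded markup samples are rejected without any decoding step, while the Unicode-aware pattern still accepts non-ASCII names.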