Hey egetchell,

Don't know whether that's your name, but anyway. I don't know if this is the solution you are looking for:

    <field name="nameOfTheField">
        <field-validator type="typeOfValidator">
            <message key="error.validation.regexp"/>
        </field-validator>
    </field>

Now you need to map the validator. Put a validators.xml in the resources folder, the same folder where struts.xml exists:

    <validators>
        <validator name="typeOfValidator" class="package.ClassName"/>
    </validators>

ClassName should extend RegexFieldValidator. Override the validate method and do whatever you want there. This should work.

Regards,
Jishnu Viswanath
Software Engineer
Tavant Technologies Inc., www.tavant.com

-----Original Message-----
From: egetchell [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 07, 2008 8:02 PM
To: user@struts.apache.org
Subject: Re: Using POSIX Regular Expressions for Internationalized Validation

Greg,

Thanks for the reply.

The common approach for mitigating XSS is to provide a blacklist of XSS enabling characters; examples would include "<", ">", "%3f", etc. However, these filters are easily bypassed by clever encoding constructs, so the blacklist concept quickly fails and the site is open for attack.

By inverting the solution and supplying only the allowed set of characters, the site remains secure no matter what clever encoding scheme someone dreams up.

The OWASP group provides some pretty extensive documentation around this. Here is a direct link to some common validation strategies:
http://www.owasp.org/index.php/Data_Validation#Data_Validation_Strategies

Their document, as a whole, is a very interesting read.

Greg Lindholm wrote:
>
> Sorry, I've never heard of whitelisting of allowable characters as being a
> "normal" approach. <Remainder Removed>
>

--
View this message in context: http://www.nabble.com/Using-POSIX-Regular-Expressions-for-Internationalized-Validation-tp19844314p19859522.html
Sent from the Struts - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
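The allowed-character check discussed in this thread, as an added example that is not part of the original messages and not Struts code: it shows why a POSIX-class allowlist in java.util.regex rejects international names unless Pattern.UNICODE_CHARACTER_CLASS (Java 7+) is set, and that encoded or markup input fails either way. The class name, the permitted punctuation, the 64-character limit and the sample inputs are assumptions made for illustration.

```java
import java.text.Normalizer;
import java.util.regex.Pattern;

// Hypothetical demo class; the allowed set below is an assumption for a "name" field.
public class AllowlistNameCheck {

    // POSIX classes such as \p{Alpha} are US-ASCII only by default in java.util.regex.
    static final Pattern ASCII_ONLY =
            Pattern.compile("[\\p{Alpha}\\p{Digit} .'-]{1,64}");

    // Same expression; the flag makes the POSIX classes follow Unicode properties.
    static final Pattern INTERNATIONAL =
            Pattern.compile("[\\p{Alpha}\\p{Digit} .'-]{1,64}",
                    Pattern.UNICODE_CHARACTER_CLASS);

    // Returns true only when the whole value consists of allowed characters.
    static boolean isAllowed(Pattern allowlist, String raw) {
        if (raw == null) {
            return false;
        }
        // Normalize to NFC first: a decomposed accent (e + U+0301) is a combining
        // mark, not a letter, and would otherwise be rejected.
        String value = Normalizer.normalize(raw, Normalizer.Form.NFC);
        // matches() anchors at both ends, so a partial match is never enough.
        return allowlist.matcher(value).matches();
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = {
            "Anna-Lena O'Neil",      // plain ASCII name
            "Jos\u00e9 \u0141ukasz", // precomposed accented letters
            "Jose\u0301",            // decomposed form of the same accent
            "\u5c71\u7530\u592a\u90ce", // CJK ideographs
            "<script>",              // markup characters are not in the set
            "%3f",                   // '%' is not in the set, so encoded forms fail too
            ""                       // empty input fails the {1,64} length bound
        };
        for (String s : samples) {
            System.out.printf("%-20s ascii=%-5b international=%b%n",
                    s, isAllowed(ASCII_ONLY, s), isAllowed(INTERNATIONAL, s));
        }
    }
}
```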