Hello,

I have received word that there is some trouble with my signature, so I am sending the mail again, this time without it.

Best regards,
Simon Kulessa.

---

Hello,

I have written my own component to display messages inside a JSF page. The component is based on the tr:messages element.

My implementation of the renderer uses the following code to write the message into the page.

    // ResponseWriter writer
    for (FacesMessage msg : messages) {
        writer.startElement("li", null);
        String summary = msg.getSummary();
        // add something to prevent xss attacks here
        writer.write(summary);
        writer.endElement("li");
    }

The bad thing is that msg.getSummary() can contain JavaScript code - which will be executed if the page is rendered.

I need to add some kind of prevention against this behaviour. I assume that Trinidad offers some mechanisms to prevent these kinds of attacks.

Can someone give me some hints?

Best regards,
Simon Kulessa.

--
Diplom Informatiker Simon Kulessa
FlexSecure GmbH
Industriestr. 12
D - 64297 Darmstadt
Tel: +49 (0) 6151 501 23-15
Fax: +49 (0) 6151 501 23-19
E-Mail: kule...@flexsecure.de
Internet: www.flexsecure.de
Geschäftsführer: Erwin Stallenberger, Markus Ruppert
Amtsgericht Darmstadt HRB 8036
Umsatzsteuernummer: DE 214745269
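
Added example, not part of the original mail and not Trinidad code: the loop from the mail rendered once raw and once with HTML encoding of the summary, to show what the missing step changes in the output. In JSF itself, ResponseWriter.writeText(Object, String) escapes markup while write(String) emits it verbatim; here a plain java.io.Writer stands in for the ResponseWriter, and the class name, escapeHtml, render and the sample summaries are assumptions made for the illustration.

```java
import java.io.IOException;
import java.io.StringWriter;
import java.io.Writer;
import java.util.Arrays;
import java.util.List;

// Added illustration, not Trinidad or JSF code: a plain Writer stands in for
// the ResponseWriter so the class runs without a servlet container.
public class MessageEscapingDemo {

    // Encode the five characters that can change the HTML parsing context.
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Same loop as in the mail; 'escape' switches between raw and encoded output.
    static String render(List<String> summaries, boolean escape) throws IOException {
        Writer writer = new StringWriter();
        for (String summary : summaries) {
            writer.write("<li>");
            writer.write(escape ? escapeHtml(summary) : summary);
            writer.write("</li>");
        }
        return writer.toString();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample summaries: one benign, one carrying markup.
        List<String> summaries = Arrays.asList(
            "Value is required.",
            "Unknown user <script>alert(1)</script> & \"friends\"");
        System.out.println("raw:     " + render(summaries, false));
        System.out.println("escaped: " + render(summaries, true));
    }
}
```

In the escaped output the second item reaches the browser as text (`&lt;script&gt;...`), so it is displayed rather than executed.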