Hello,

I have received word that there is some trouble with my signature,
so I am sending the mail again, this time without it.

Best regards,
Simon Kulessa.

---
Hello,

I have written my own component to display messages inside a JSF page.
The component is based on the tr:messages element.
My implementation of the renderer uses the following code to write the
message into the page.

//ResponseWriter writer
for(FacesMessage msg : messages) {

  writer.startElement("li", null);

  String summary = msg.getSummary();
  // add something to prevent xss attacks here
  writer.write(summary);

  writer.endElement("li");
}

The bad thing is that msg.getSummary() can contain JavaScript code -
which will be executed if the page is rendered. I need to add some
kind of prevention against this behaviour.

I assume that Trinidad offers some mechanisms to prevent
this kind of attack. Can someone give me some hints?

Best regards,
Simon Kulessa.

--

Diplom Informatiker Simon Kulessa

FlexSecure GmbH
Industriestr. 12
D - 64297 Darmstadt
Tel: +49 (0) 6151 501 23-15
Fax: +49 (0) 6151 501 23-19
E-Mail:kule...@flexsecure.de
Internet:www.flexsecure.de

Managing Directors:
Erwin Stallenberger, Markus Ruppert

Darmstadt District Court (Amtsgericht Darmstadt) HRB 8036
VAT number: DE 214745269
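
An added example, not part of the original mail and not Trinidad's own renderer code: the standard JSF ResponseWriter distinguishes write(), which emits a string verbatim, from writeText() and writeAttribute(), which escape it for the markup being rendered. The class and method names below are hypothetical, and the title attribute for the detail text is an assumption about the desired output.

```java
import java.io.IOException;
import java.util.List;
import javax.faces.application.FacesMessage;
import javax.faces.component.UIComponent;
import javax.faces.context.ResponseWriter;

// Added example; SafeMessageListWriter and encodeMessages are hypothetical names.
public final class SafeMessageListWriter {

    private SafeMessageListWriter() {}

    /**
     * Renders each message as an <li>. Summary and detail are treated as
     * untrusted text and only ever pass through the writer's escaping methods.
     */
    public static void encodeMessages(ResponseWriter writer,
                                      UIComponent component,
                                      List<FacesMessage> messages) throws IOException {
        for (FacesMessage msg : messages) {
            String summary = msg.getSummary();
            if (summary == null) {
                continue; // nothing to display for this message
            }
            writer.startElement("li", component);

            String detail = msg.getDetail();
            if (detail != null && !detail.equals(summary)) {
                // writeAttribute() escapes for attribute context, so quotes in
                // the detail text cannot close the attribute value.
                writer.writeAttribute("title", detail, null);
            }

            // writeText() escapes markup characters; write() does not.
            // A constructed summary such as
            //   <script>alert(1)</script>
            // reaches the browser as
            //   &lt;script&gt;alert(1)&lt;/script&gt;
            // and is displayed as text instead of being executed.
            writer.writeText(summary, null);

            writer.endElement("li");
        }
    }
}
```

Attributes must be written after startElement() and before any text of the element, which is why the title is emitted first.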
