Hi all, I'm posting this because I had some headaches finding the proper solution, and it seems that nobody has posted a similar approach here...

First step, in AppModule.java:

    // Register the filter as a service with an explicit id so it can be injected below.
    public static void bind(ServiceBinder binder) {
        binder.bind(RequestFilter.class, XSSRequestFilterImpl.class).withId("XSSRequestFilter");
    }

    /*
     * XSS Filtering
     */
    // Add the filter to the request pipeline, ordered after StaticFiles and before StoreIntoGlobals.
    @Contribute(RequestHandler.class)
    public static void requestHandler(OrderedConfiguration<RequestFilter> configuration,
            @InjectService("XSSRequestFilter") RequestFilter xssFilter) {
        configuration.add("XSSRequestFilter", xssFilter, "after:StaticFiles", "before:StoreIntoGlobals");
    }

Second step, you can take a look at the XSSRequestFilterImpl class:
http://code.google.com/p/theorcs/source/browse/trunk/core/src/main/java/org/libermundi/theorcs/core/tapestry/services/xss/XSSRequestFilterImpl.java

And then the XSSRequestWrapper class:
http://code.google.com/p/theorcs/source/browse/trunk/core/src/main/java/org/libermundi/theorcs/core/tapestry/services/xss/XSSRequestWrapper.java

The code of the wrapper is inspired by this article:
http://ricardozuasti.com/2012/stronger-anti-cross-site-scripting-xss-filter-for-java-web-apps/

But I slightly changed it in order to allow people to use Rich Text that includes images.

Hope this will be useful to someone :)
Also, if you have any feedback, feel free to share.

Martin
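
A sketch of what a filter and request wrapper of this kind can look like, added here as an example; it is not the code from the linked repository or from the referenced article. The class name reuses the one from the post's `bind()` call, while the denylist patterns, the `stripXSS` helper and the Tapestry 5.3-era `org.apache.tapestry5.services` package names are assumptions.

```java
import java.io.IOException;
import java.util.regex.Pattern;
import org.apache.tapestry5.services.*;

// Added sketch: a RequestFilter that hands the pipeline a parameter-filtering view of the request.
public class XSSRequestFilterImpl implements RequestFilter {

    // Constructed, non-exhaustive denylist. It has no src= rule, so <img src="..."> in rich text survives.
    private static final Pattern[] PATTERNS = {
        Pattern.compile("<script[^>]*>.*?</script>", Pattern.CASE_INSENSITIVE | Pattern.DOTALL),
        Pattern.compile("</?script[^>]*>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("\\bon\\w+\\s*=", Pattern.CASE_INSENSITIVE),        // inline event handlers
        Pattern.compile("(?:java|vb)script\\s*:", Pattern.CASE_INSENSITIVE), // script URL schemes
        Pattern.compile("expression\\s*\\(", Pattern.CASE_INSENSITIVE)       // CSS expression()
    };

    static String stripXSS(String value) {
        if (value == null) return null;
        String cleaned = value.replace("\0", ""); // drop NUL bytes before matching
        String previous;
        do { // repeat until stable, so removing one match cannot leave a new one behind
            previous = cleaned;
            for (Pattern p : PATTERNS) cleaned = p.matcher(cleaned).replaceAll("");
        } while (!cleaned.equals(previous));
        return cleaned;
    }

    @Override
    public boolean service(Request request, Response response, RequestHandler handler)
            throws IOException {
        // Everything later in the pipeline (pages, components) sees only filtered values.
        return handler.service(new DelegatingRequest(request) {
            @Override public String getParameter(String name) {
                return stripXSS(super.getParameter(name));
            }
            @Override public String[] getParameters(String name) {
                String[] values = super.getParameters(name);
                if (values == null) return null;
                String[] out = new String[values.length];
                for (int i = 0; i < values.length; i++) out[i] = stripXSS(values[i]);
                return out;
            }
        }, response);
    }
}
```

A denylist on input is a second layer only: rich-text values that are later written as raw markup still need encoding or an allowlist-based HTML sanitizer at render time.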