Hi all,

I'm posting this as I had some headaches finding the proper solution, and it
seems that nobody has posted a similar approach here.

First step in AppModule.java:

        // Imports needed by the two methods below (Tapestry 5 IoC / services)
        import org.apache.tapestry5.ioc.OrderedConfiguration;
        import org.apache.tapestry5.ioc.ServiceBinder;
        import org.apache.tapestry5.ioc.annotations.Contribute;
        import org.apache.tapestry5.ioc.annotations.InjectService;
        import org.apache.tapestry5.services.RequestFilter;
        import org.apache.tapestry5.services.RequestHandler;

        // Register the filter implementation as a service with an explicit id,
        // so it can be injected by name below.
        public static void bind(ServiceBinder binder) {
                binder.bind(RequestFilter.class, XSSRequestFilterImpl.class)
                      .withId("XSSRequestFilter");
        }

        /*
         * XSS Filtering: add the filter to the RequestHandler pipeline after
         * static files are served (no point filtering those) and before the
         * request is stored into globals, so everything downstream sees the
         * wrapped, sanitized request.
         */
        @Contribute(RequestHandler.class)
        public static void requestHandler(OrderedConfiguration<RequestFilter> configuration,
                        @InjectService("XSSRequestFilter") RequestFilter xssFilter) {
                configuration.add("XSSRequestFilter", xssFilter,
                                  "after:StaticFiles",
                                  "before:StoreIntoGlobals");
        }

Second step, you can take a look at the XSSRequestFilterImpl class:

http://code.google.com/p/theorcs/source/browse/trunk/core/src/main/java/org/libermundi/theorcs/core/tapestry/services/xss/XSSRequestFilterImpl.java

And then the XSSRequestWrapper class:

http://code.google.com/p/theorcs/source/browse/trunk/core/src/main/java/org/libermundi/theorcs/core/tapestry/services/xss/XSSRequestWrapper.java

The code of the Wrapper is inspired by this article:
http://ricardozuasti.com/2012/stronger-anti-cross-site-scripting-xss-filter-for-java-web-apps/

But I slightly changed it in order to allow people to use Rich Text that
includes images.

Hope this will be useful to someone :)

Also, if you have any feedback, feel free to share.

Martin
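As an added illustration of what the filter registered above has to do (this is example code written for this post, not Martin's XSSRequestFilterImpl or XSSRequestWrapper from the linked repository): a Tapestry 5 RequestFilter that wraps the incoming Request so that parameter values are sanitized before the rest of the pipeline reads them. The regex rules and the use of java.lang.reflect.Proxy to build the wrapper are assumptions; the linked classes may do it differently.

```java
import java.io.IOException;
import java.lang.reflect.Proxy;
import java.util.regex.Pattern;

import org.apache.tapestry5.services.Request;
import org.apache.tapestry5.services.RequestFilter;
import org.apache.tapestry5.services.RequestHandler;
import org.apache.tapestry5.services.Response;

public class XSSRequestFilterImpl implements RequestFilter {

    // Deny-list patterns (assumed, not from the linked code). They remove script
    // tags, javascript: URLs, on*= event handlers and CSS expression(), while
    // leaving harmless markup such as <img> or <b> in place so rich text survives.
    // A deny-list is a defence-in-depth layer only: output encoding in templates
    // remains the primary XSS control.
    private static final Pattern[] PATTERNS = {
        Pattern.compile("<script(.*?)>(.*?)</script>", Pattern.CASE_INSENSITIVE | Pattern.DOTALL),
        Pattern.compile("</?script.*?>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("javascript\\s*:", Pattern.CASE_INSENSITIVE),
        Pattern.compile("\\son\\w+\\s*=", Pattern.CASE_INSENSITIVE),
        Pattern.compile("expression\\s*\\(", Pattern.CASE_INSENSITIVE)
    };

    static String stripXSS(String value) {
        if (value == null) return null;
        String cleaned = value.replace("\0", "");   // drop NUL bytes used to split tokens
        for (Pattern p : PATTERNS) cleaned = p.matcher(cleaned).replaceAll("");
        return cleaned;
    }

    public boolean service(Request request, Response response, RequestHandler handler)
            throws IOException {
        // Dynamic proxy: every Request method is delegated to the real request,
        // except getParameter/getParameters, whose results are sanitized.
        Request wrapped = (Request) Proxy.newProxyInstance(
            Request.class.getClassLoader(), new Class<?>[] { Request.class },
            (proxy, method, args) -> {
                Object result = method.invoke(request, args);
                if ("getParameter".equals(method.getName())) {
                    return stripXSS((String) result);
                }
                if ("getParameters".equals(method.getName()) && result != null) {
                    String[] copy = ((String[]) result).clone();  // don't mutate the container's array
                    for (int i = 0; i < copy.length; i++) copy[i] = stripXSS(copy[i]);
                    return copy;
                }
                return result;
            });
        // Pass the wrapped request down the pipeline; StoreIntoGlobals and pages see the clean values.
        return handler.service(wrapped, response);
    }
}
```

Because the filter is contributed "before:StoreIntoGlobals", the Request that ends up injected into pages and components is the wrapped one, which is the reason for the ordering constraints in the AppModule contribution.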




--
View this message in context: 
http://tapestry.1045711.n5.nabble.com/Sharing-How-to-setup-a-Global-XSS-Filter-in-Tapestry-5-tp5715533.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
