Filtering XSS attacks in JSP/Struts
How to filter XSS attacks using JSP and Struts
This solution uses a Struts2 interceptor to filter and transcode (HTML-escape) the submitted parameters.
Configure struts.xml
<package name="default" namespace="/" extends="struts-default,json-default">
    <!-- Configure interceptor -->
    <interceptors>
        <!-- Define the xss interceptor -->
        <interceptor name="xssInterceptor" class="... enter the interceptor class name here"></interceptor>
        <!-- Define an interception stack containing xss -->
        <interceptor-stack name="myDefault">
            <interceptor-ref name="xssInterceptor"></interceptor-ref>
            <interceptor-ref name="defaultStack"></interceptor-ref>
        </interceptor-stack>
    </interceptors>
    <!-- This must be configured, otherwise the interceptor will not take effect -->
    <default-interceptor-ref name="myDefault"></default-interceptor-ref>
    <action>... n actions are omitted here</action>
</package>
Java code: the interceptor implementation class
import java.util.Map;

import org.apache.commons.lang3.StringEscapeUtils;

import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

public class XssInterceptor extends AbstractInterceptor {

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        // Request parameters arrive as name -> String[]; this signature assumes a
        // Struts 2 release where getParameters() returns Map<String, Object>.
        ActionContext actionContext = invocation.getInvocationContext();
        Map<String, Object> map = actionContext.getParameters();
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            if (!(entry.getValue() instanceof String[])) {
                continue; // not a plain string parameter, nothing to escape
            }
            // Escape every submitted value, not only the first one
            String[] values = (String[]) entry.getValue();
            for (int i = 0; i < values.length; i++) {
                values[i] = StringEscapeUtils.escapeHtml4(values[i]); // transcode the submitted string
            }
            // System.out.println(entry.getValue());
        }
        return invocation.invoke();
    }
}
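The following is an added example, not code from the original article: a container-free check of what the interceptor's escapeHtml4 transcoding does to submitted parameters. The class name XssEscapeCheck, the helper escapeParameters and the sample parameter map are constructed for illustration; only commons-lang3 is assumed on the classpath.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.commons.lang3.StringEscapeUtils;

// Added example: XssEscapeCheck and escapeParameters are hypothetical names.
public class XssEscapeCheck {

    // Escape every value of every String[] parameter; leave other types untouched.
    static void escapeParameters(Map<String, Object> params) {
        for (Map.Entry<String, Object> entry : params.entrySet()) {
            if (!(entry.getValue() instanceof String[])) {
                continue; // e.g. uploaded files: nothing to escape here
            }
            String[] values = ((String[]) entry.getValue()).clone();
            for (int i = 0; i < values.length; i++) {
                values[i] = StringEscapeUtils.escapeHtml4(values[i]);
            }
            entry.setValue(values);
        }
    }

    static void check(boolean ok, String what) {
        if (!ok) throw new AssertionError(what);
        System.out.println("ok: " + what);
    }

    public static void main(String[] args) {
        // Constructed sample input in the shape Struts passes: name -> String[].
        Map<String, Object> params = new LinkedHashMap<>();
        params.put("comment", new String[] {"<b>hi</b>", "a & b"});
        params.put("nick", new String[] {"O'Brien \"Bob\""});
        params.put("count", Integer.valueOf(3));

        escapeParameters(params);
        String[] comment = (String[]) params.get("comment");
        String[] nick = (String[]) params.get("nick");

        check(comment[0].equals("&lt;b&gt;hi&lt;/b&gt;"), "markup is neutralised");
        check(comment[1].equals("a &amp; b"), "second value is escaped too");
        check(params.get("count").equals(3), "non-String[] value left untouched");
        // escapeHtml4 escapes the double quote but not the apostrophe.
        check(nick[0].equals("O'Brien &quot;Bob&quot;"), "apostrophe is not escaped");
        // Escaping again at render time double-encodes the stored value.
        check(StringEscapeUtils.escapeHtml4(comment[1]).equals("a &amp;amp; b"),
              "second escape double-encodes");
    }
}
```

The last two checks matter when rendering: values placed in single-quoted attributes or script blocks still need encoding for that context at output time, and a JSP tag that escapes by default will display already-escaped values with visible entities.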