Security problems using Spring JsonView - How do I escape the javascript or HTML

I'm now using spring json view to generate some the outputs. To avoid XSS attacks, we sometimes need to filter the output, escaping javascripts and HTML tags. What is the best way to do it with Spring json view? Do I have to write my own JsonViewWriter or can I simply use sojoJsonWriter and jsonlibJsonWriter with some extra configurations?

Any suggestion 开发者_如何学JAVAwill be appreciated!

John

Not sure which Json View you're referring to (there are several), but if it's the "official" one "org.springframework.web.servlet.view.json.MappingJacksonJsonView" you can do it in two ways: 1 - use jackson annotations on your specific data types to customize the serialization 2- write a custom org.codehaus.jackson.map.JsonSerializer which does what you want and plug it in the factory used by your object mapper