开发者

How to use getParameter in jsp the safe way

I'm using getParameter to get content from URL to the page.

<p>name <%= request.getParameter("name") %></p>

What co开发者_Python百科ntent schould I avoid (ex. script tags)?

How should I validate it?

I'm working in JSP.

EDIT:

For today I just strip html tags:

variable.replaceAll("\\<.*?>","");


You should not use scriptlet in jsp its not good practise

<p>name <c:out value='${param.name}'/> </p>

you should take care of XSS attack c:out will escape xml

To escape javascript injection you can Use StringUtils.escapejavaScript()

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜