Sanitizing user inputs with Spring MVC framework

spring-mvc spring-security xss sql-injection
Kishan_KP picture Kishan_KP · Mar 27, 2013 · Viewed 22.5k times · Source

I am working on web application using spring mvc framework, I wanted to know is there any best way to sanitize user inputs or common method to sanitize all the user inputs in springs to avoid XSS and Sql Injection attacks?

Answer

Jeevan Patil picture Jeevan Patil · Mar 27, 2013

You can use Filters in Spring framework to clean your forms. Filters will fetch all your request attributes and clean them all before processing the request. Another option is to use JSoup API's. visit following links to know more.

JSoup XSS Api's

Filter approach to prevent XSS threat

EDIT :

Read OWASP sheets to know how to avoid XSS and SQL injection.

OWASP - prevention of XSS

OWASP - prevention of SQL injection

Take a look at HDIV which integrates with spring 3.1, it has out-of-the-box support for XSS, CSRF, Data Integrity Checks.

Related questions

How to fix Hibernate LazyInitializationException: failed to lazily initialize a collection of roles, could not initialize proxy - no Session

In the custom AuthenticationProvider from my spring project, I am trying read the list of authorities of the logged user, but I am facing the following error: org.hibernate.LazyInitializationException: failed to lazily initialize a collection of role: com.horariolivre.…

Read More
How do I get the Session Object in Spring?

I am relatively new to Spring and Spring security. I was attempting to write a program where I needed to authenticate a user at the server end using Spring security, I came up with the following: public class CustomAuthenticationProvider extends …

Read More
When using Spring Security, what is the proper way to obtain current username (i.e. SecurityContext) information in a bean?

I have a Spring MVC web app which uses Spring Security. I want to know the username of the currently logged in user. I'm using the code snippet given below . Is this the accepted way? I don't like having a …

Read More