I am working on a web application using the Spring MVC framework. I wanted to know: is there a best way to sanitize user inputs, or a common method to sanitize all user inputs in Spring, to avoid XSS and SQL injection attacks?
You can use Filters in the Spring framework to clean your forms. Filters will fetch all your request attributes and clean them all before processing the request. Another option is to use the JSoup API. Visit the following links to know more.
Filter approach to prevent XSS threat
EDIT:
Read OWASP sheets to know how to avoid XSS and SQL injection.
OWASP - prevention of SQL injection
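A sketch of the filter-plus-JSoup approach described in the answer above, added here as an example and not code from the original post. It assumes the `javax.servlet` API and jsoup 1.14.2 or later (for `Safelist`); the class names `XssSanitizingFilter` and `SanitizedRequest` are hypothetical.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist;

// Hypothetical filter: wraps every request so controllers only see
// parameter values with all HTML markup stripped by jsoup.
public class XssSanitizingFilter implements Filter {

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        chain.doFilter(new SanitizedRequest((HttpServletRequest) req), res);
    }

    // Safelist.none() allows no tags or attributes: only text nodes survive.
    static String clean(String value) {
        return value == null ? null : Jsoup.clean(value, Safelist.none());
    }

    // Covers getParameter/getParameterValues only. getParameterMap, headers,
    // cookies and JSON request bodies are NOT sanitized by this wrapper.
    static class SanitizedRequest extends HttpServletRequestWrapper {
        SanitizedRequest(HttpServletRequest request) { super(request); }

        @Override
        public String getParameter(String name) {
            return clean(super.getParameter(name));
        }

        @Override
        public String[] getParameterValues(String name) {
            String[] values = super.getParameterValues(name);
            if (values == null) return null;
            String[] cleaned = new String[values.length];
            for (int i = 0; i < values.length; i++) cleaned[i] = clean(values[i]);
            return cleaned;
        }
    }
}
```

`Jsoup.clean` returns HTML, so harmless input such as `a & b` comes back as `a &amp; b`. The filter does nothing for SQL injection, which the OWASP guidance addresses with parameterized queries.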
Take a look at HDIV, which integrates with Spring 3.1. It has out-of-the-box support for XSS, CSRF, and data integrity checks.