Sanitizing user inputs with Spring MVC framework

Kishan_KP · Mar 27, 2013 · Viewed 22.5k times

I am working on a web application using the Spring MVC framework. I wanted to know: is there any best way to sanitize user inputs, or a common method to sanitize all the user inputs in Spring, to avoid XSS and SQL injection attacks?

Answer

Jeevan Patil · Mar 27, 2013

You can use Filters in the Spring framework to clean your forms. Filters will fetch all your request attributes and clean them all before processing the request. Another option is to use the JSoup API. Visit the following links to know more.

JSoup XSS Api's

Filter approach to prevent XSS threat

EDIT:

Read OWASP sheets to know how to avoid XSS and SQL injection.

OWASP - prevention of XSS

OWASP - prevention of SQL injection

Take a look at HDIV, which integrates with Spring 3.1; it has out-of-the-box support for XSS, CSRF, and data integrity checks.