Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have a situation where users can submit feedback through a textarea on a HTML page or JSP. This works fine and the text ends up in the database.
But, can anyone suggest any safeguards which could prevent somebody trying to submit malicious scripts which could possibly affect the page’s behaviour?
I am aware of parsing the text entered and converting any < to ‘<’; and > to ‘>’; But is there anything more I could do to validate the entered text?
Thanks
Mr Morgan
Check this out:
Recommended method for escaping HTML in Java
See Apache StringEscapeUtils
escapeJavaScript
and
escapeHtml