Spring - MVC - Sanitize URL before redisplaying to the user

Posted by Raghav on Stack Overflow See other posts from Stack Overflow or by Raghav
Published on 2012-03-21T21:58:01Z Indexed on 2012/03/21 23:29 UTC
Read the original article Hit count: 347

Filed under:
|
|

In my application , a HTTP GET request URL to the application with script tag is getting redisplayed as it is although it fails the authorization.

Example: http://www.example.com/welcome<script>alert("hi")</script>

The issue is sanitizing external input entered directly into address bar by modifying existing GET URL. Spring redisplays the submitted URL as it is.

Though the script does not get executed in the browser(FF), is there anyway to strip the URL of these values before displaying it back to the user

Reference: Spring MVC application filtering HTML in URL - Is this a security issue?

© Stack Overflow or respective owner

Related posts about java

Related posts about spring