Spring - MVC - Sanitize URL before redisplaying to the user
Posted by Raghav on Stack Overflow
Published on 2012-03-21T21:58:01Z
In my application, an HTTP GET request URL to the application with a script tag is getting redisplayed as it is, although it fails the authorization.
Example: http://www.example.com/welcome<script>alert("hi")</script>
The issue is sanitizing external input entered directly into the address bar by modifying an existing GET URL. Spring redisplays the submitted URL as it is.
Though the script does not get executed in the browser (FF), is there any way to strip the URL of these values before displaying it back to the user?
Reference: Spring MVC application filtering HTML in URL - Is this a security issue?
© Stack Overflow or respective owner
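One way to handle the redisplay described in the question, as an added example that is not part of the original post: rather than stripping characters from the URL, HTML-encode it once on the server and let views print only the encoded copy. The class name `SafeRequestUriFilter` and the attribute name `safeRequestUri` are hypothetical, and the code assumes Spring 6 with `jakarta.servlet` (older versions use `javax.servlet`).

```java
import java.io.IOException;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.HtmlUtils;

// Added example (hypothetical class): exposes an HTML-encoded copy of the
// requested URL so that error and login views never echo the raw value.
public class SafeRequestUriFilter extends OncePerRequestFilter {

    // Hypothetical attribute name; views read this instead of the raw URI.
    public static final String SAFE_URI_ATTR = "safeRequestUri";

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain)
            throws ServletException, IOException {
        request.setAttribute(SAFE_URI_ATTR,
                encodeForHtml(request.getRequestURI(), request.getQueryString()));
        chain.doFilter(request, response);
    }

    // Builds the display form of the URL. Control characters are dropped so
    // the value cannot break log lines or markup, then the HTML-significant
    // characters (&, <, >, ", ') are replaced with character references.
    static String encodeForHtml(String uri, String query) {
        String raw = (query == null) ? uri : uri + "?" + query;
        StringBuilder cleaned = new StringBuilder(raw.length());
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            if (!Character.isISOControl(c)) {
                cleaned.append(c);
            }
        }
        // For the question's sample path /welcome<script>alert("hi")</script>
        // the tag delimiters become &lt; and &gt;, so the browser renders
        // the text instead of parsing it as markup.
        return HtmlUtils.htmlEscape(cleaned.toString());
    }
}
```

The encoded value is safe only as HTML text or inside a quoted attribute; a view that prints it must not escape it a second time, and it must not be placed inside a `<script>` block or used as an `href` target.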