Spring - MVC - Sanitize URL before redisplaying to the user
- by Raghav
In my application, an HTTP GET request URL to the application with a script tag is getting redisplayed as it is although it fails the authorization.
Example: http://www.example.com/welcome<script>alert("hi")</script>
The issue is sanitizing external input entered directly into the address bar by modifying the existing GET URL.
Spring redisplays the submitted URL as it is.
Though the script does not get executed in the browser (FF), is there any way to strip the URL of these values before displaying it back to the user?
Reference: Spring MVC application filtering HTML in URL - Is this a security issue?
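One defensive approach, as an added example that is not part of the original question or of Spring itself: a Spring Security `AccessDeniedHandler` that HTML-escapes the requested URI before echoing it, so markup in the path is rendered as text rather than interpreted. It assumes Spring Security with the `javax.servlet` API and Spring's `HtmlUtils` on the classpath; the class name and the response body are hypothetical.

```java
import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.web.util.HtmlUtils;

// Hypothetical handler name; register it with
// http.exceptionHandling().accessDeniedHandler(new EscapingAccessDeniedHandler())
public class EscapingAccessDeniedHandler implements AccessDeniedHandler {

    /**
     * Builds a version of the requested path (plus query string, if any) that is
     * safe to place inside an HTML body: HtmlUtils.htmlEscape turns < > & " '
     * into character entities, so "/welcome<script>alert("hi")</script>" is
     * shown literally instead of being parsed as a tag.
     */
    static String displayableUri(HttpServletRequest request) {
        String uri = request.getRequestURI();
        String query = request.getQueryString();
        String full = (query == null) ? uri : uri + "?" + query;
        return HtmlUtils.htmlEscape(full);
    }

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
                       AccessDeniedException ex) throws IOException {
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        // Declare the charset explicitly so the browser cannot sniff a different one.
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        // Only the escaped value ever reaches the page; never concatenate
        // request.getRequestURI() directly into the response.
        out.print("<h1>Access denied</h1><p>Requested: "
                + displayableUri(request) + "</p>");
        out.flush();
    }
}
```

If the denied page is rendered by a JSP or template instead, the same rule applies: pass the raw URI to the view only through an escaping output tag (`<c:out>` or a template engine with escaping left enabled).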