dev@glassfish.java.net

[ migration ] WLS -> GF : GF equivalent method for weblogic.servlet.security.Utils.encodeXSS

From: Sekhar Vajjhala <Sekhar.Vajjhala_at_Sun.COM>
Date: Fri, 28 Mar 2008 14:11:06 -0400

WLS supports the following method.
What is the GF equivalent method?

The method is weblogic.servlet.security.Utils.encodeXSS .
See [1] for more detailed information. But here is a summary.

It replaces the HTML special characters such as "<" with
&lt; (entity/char references). The use case is to prevent the
cross-site scripting security vulnerability defined in
http://www.cert.org/tech_tips/malicious_code_mitigation.html.

And the following is an example of how to use it.

    <%= weblogic.servlet.security.Utils.encodeXSS(
            request.getParameter("userInput")) %>

Sekhar

[1] http://edocs.bea.com/wls/docs81/jsp/reference.html#65144
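As an added example (not from the post above, and not a GlassFish or WebLogic API), the following is a hand-written encoder that does what encodeXSS is described to do, entity-encoding HTML special characters before user input is written into a JSP; the class name HtmlEncoder and the method name encodeForHtml are assumed here.

```java
// Added example: a self-contained HTML encoder for use in a JSP on GlassFish.
// Not a GlassFish API; the class and method names are chosen for this example.
//
// JSP usage, mirroring the encodeXSS call in the post:
//   <%= HtmlEncoder.encodeForHtml(request.getParameter("userInput")) %>
public final class HtmlEncoder {

    private HtmlEncoder() {}

    /**
     * Encodes the five characters that can change meaning inside HTML
     * element content or a quoted attribute value. Every other character
     * is passed through unchanged; null becomes the empty string so a
     * missing request parameter does not print "null" into the page.
     */
    public static String encodeForHtml(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break; // &apos; is not defined in HTML 4
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Quick self-check: run with `java HtmlEncoder`.
    public static void main(String[] args) {
        // Constructed sample input, not real request data.
        String userInput = "<script>alert(\"x\")</script> & 'quotes'";
        String encoded = encodeForHtml(userInput);
        System.out.println(encoded);
        // Verify that no markup-significant character survived encoding.
        for (char c : new char[] {'<', '>', '"', '\''}) {
            if (encoded.indexOf(c) >= 0) {
                throw new AssertionError("left '" + c + "' unescaped");
            }
        }
    }
}
```

Apache Commons Lang's StringEscapeUtils.escapeHtml and the OWASP Java Encoder's Encode.forHtml do the same job without hand-written code. This encoding is sufficient for element content and quoted attribute values, but not for user input placed inside a script block or a URL, which need their own context-specific encoding.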


