users@jersey.java.net

[Jersey] Re: XSS attack prevention

From: cowwoc <cowwoc_at_bbs.darktech.org>
Date: Mon, 20 Jan 2014 10:19:47 -0500

I assume this is only a problem when you feed it into a browser (since
Jersey will not execute the JS itself). As such, I would either sanitize
the code on the browser (whenever it reaches the client) or run a JS
library from within the server that does the same.

Meaning, I don't know if Jersey handles this but I'm not sure it's
necessarily Jersey's place to do so (meaning, Jersey should handle REST
and external libraries should handle data processing as much as possible).

Gili

On 20/01/2014 10:08 AM, Navin Desai wrote:
> Hi,
>
> We have some issues regarding XSS attack prevention for our Jersey
> REST API. We are using Jersey version: 1.17.1.
>
> We would like to know whether Jersey provides any mechanism to block
> XSS attacks, especially when using JSON payloads. Is there any mechanism to
> escape HTML and script tags in the JSON payload?
>
> If not in 1.17.1, is there any such mechanism in Jersey 2?
>
> regards
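
The client-side handling suggested in the reply above, as an added example that is not part of the original thread and is not Jersey code: every string taken from a JSON response is HTML-encoded before it is placed in markup. The names escapeHtml, encodeForHtml, renderUser and sampleBody are illustrative, and the sample payload is constructed.

```javascript
// Added example (not from the thread): client-side output encoding of
// strings taken from a JSON REST response before they are placed in HTML.
// escapeHtml, encodeForHtml and sampleBody are illustrative names.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode for HTML element content and quoted attribute values only.
// Other contexts (inline script, URLs, CSS) need their own encoders.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Walk a parsed JSON value and encode every string it contains.
// Object.fromEntries defines own properties, so a "__proto__" key in the
// payload stays plain data instead of changing the result's prototype.
function encodeForHtml(value) {
  if (typeof value === 'string') return escapeHtml(value);
  if (Array.isArray(value)) return value.map(encodeForHtml);
  if (value !== null && typeof value === 'object') {
    return Object.fromEntries(
      Object.entries(value).map(([key, v]) => [key, encodeForHtml(v)])
    );
  }
  return value; // numbers, booleans and null pass through unchanged
}

// Constructed sample of a JSON body a REST resource might return.
const sampleBody = JSON.stringify({
  id: 7,
  name: '<script>alert(1)</script>',
  tags: ['a & b', '<b onmouseover="x()">hi</b>'],
});

function renderUser(body) {
  const user = encodeForHtml(JSON.parse(body));
  return `<li data-id="${user.id}">${user.name} [${user.tags.join(', ')}]</li>`;
}

console.log(renderUser(sampleBody));
```

The JSON on the wire stays unchanged; encoding happens at the point where the data enters HTML, so non-browser consumers of the same API still receive the original strings.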