users@jersey.java.net

[Jersey] Re: XSS attack prevention

From: Navin Desai <ndesai_at_tagworldwide.com>
Date: Tue, 21 Jan 2014 10:21:05 +0000

Thanks for the reply. I agree that this can be done on the FE but we wanted to make our api XSS attack proof.

I was looking for something that would automatically escape HTML/script tags when a JSON payload is received.

One option is tagging each and every domain field individually to escape HTML, but that looks like such a task.

regards
________________________________
From: Navin Desai
Sent: 20 January 2014 15:08
To: users_at_jersey.java.net
Subject: XSS attack prevention

Hi,

We have some issues regarding XSS attack prevention for our Jersey REST API. We are using Jersey version 1.17.1.

We would like to know whether Jersey provides any mechanism to block XSS attacks, especially when using JSON payloads. Is there any mechanism to escape HTML and script tags in the JSON payload?

If not in 1.17.1, is there any such mechanism in Jersey 2?

regards

