Fixing Cross-site Scripting in Java

Posted on May 1, 2012July 12, 2019 by Yash

Use when the parameter is being echoed:

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<p>Welcome <c:out value="${user.name}" /></p>

Use while taking the user input:

<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
<input name="username" value="${fn:escapeXml(param.username)}">

About Yash

2 thoughts on “Fixing Cross-site Scripting in Java”

Pingback: How to Fix Cross-site Scripting Vulnerabilities : Secure Coding Blog
Venkatesh says:

July 3, 2015 at 7:25 pm

I want solution for the above samples

Reply

Leave a Reply Cancel reply