Fixing Cross-site Scripting in Spring MVC
In Spring MVC, the form tags are used to build JSP pages. Spring MVC provides several options for HTML-escaping output on the server side.
To apply the escaping globally, add the following to the web.xml file:
<context-param>
    <param-name>defaultHtmlEscape</param-name>
    <param-value>true</param-value>
</context-param>
At page level, it is set with a tag declaration:
<spring:htmlEscape defaultHtmlEscape="true" />
need to fix
How to set Java config for the filter globally?
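One way to set the same context parameter from Java config instead of web.xml, as an added example that is not from the original page. The class name HtmlEscapeInitializer is hypothetical, and the javax.servlet imports assume Spring 5 or earlier (Spring 6 uses jakarta.servlet).

```java
import javax.servlet.ServletContext;
import javax.servlet.ServletException;

import org.springframework.web.WebApplicationInitializer;

// Hypothetical class name. Spring detects every WebApplicationInitializer on
// the classpath at container startup, so this can sit beside an existing
// initializer that registers the DispatcherServlet.
public class HtmlEscapeInitializer implements WebApplicationInitializer {

    // Same parameter name as the <context-param> in web.xml.
    private static final String PARAM = "defaultHtmlEscape";

    @Override
    public void onStartup(ServletContext servletContext) throws ServletException {
        // setInitParameter returns false when the parameter is already defined
        // (for example by a web.xml that is still deployed); in that case the
        // existing value wins and this call changes nothing.
        boolean applied = servletContext.setInitParameter(PARAM, "true");

        if (!applied) {
            String existing = servletContext.getInitParameter(PARAM);
            if (!"true".equalsIgnoreCase(existing)) {
                // Fail startup rather than run with escaping silently off.
                throw new ServletException(
                        PARAM + " is already set to '" + existing
                        + "'; remove the conflicting definition");
            }
        }
    }
}
```

The parameter sets the default for Spring's own JSP tags (the form tags and the `spring:` tags). Plain `${...}` expressions written directly in a JSP are not escaped by it and still need `<c:out>` or `fn:escapeXml`.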