Skip to main content

Cleaning the servlet requests from Html Injection

Posted by felipegaucho on November 2, 2005 at 10:53 AM PST

Holiday in Brazil, a good moment to taste crabs aperitifs on the sunny beach and to fix some old issues in the code of my Open Source projects. Some of these issues had revealed subtle gaps in our traditional programming - like the Web Application Security Vulnerabilities. Reviewing the code of Cejug-Classifieds, I noted the lack of control over Html Injection and I decided to dedicate my afternoon working around to fix that gap. This blog entry describe my first effort in order to reinforce the security of the code of my project, and it should evolve in the next weeks. It is an opportunity to share with you my project decisions and also a hope in order to learn more about that.

Reading the excellent paper of Stephen Enright, I started to design a general solution to Html injection - adapting the paper tips to the patterns I

Related Topics >>