Friday, 15 May 2015

java - How to sanitize inputs -


I'm willing to use "OWASP ESAPI Java" to sanitize users' inputs when they submit forms in a Tomcat webapp.

I used to use org.apache.commons.lang.StringEscapeUtils like this:

    import org.apache.commons.lang.StringEscapeUtils;

    // Escapes HTML special characters (<, >, &, ", ...) so the string is safe in an HTML body context.
    public static String myEscapeHtml(String s) {
        String escapedString = null;
        escapedString = StringEscapeUtils.escapeHtml(s);
        return escapedString;
    }

I don't know anymore if it is enough to protect the webapp "reasonably"...

I would like to know which lines of code I should write to use OWASP ESAPI to sanitize the Tomcat webapp's user inputs.

Can you give an example of one or several ESAPI "filters" (escaping?, encoding? ...) applied to a string to sanitize it?

The backend RDBMS is PostgreSQL.

The Tomcat server can be running either on a Linux server or on a Windows server.

Thanks, best regards.

For input validation, you'll use this API. If you want to define your own validation rules in validation.properties, the technique is demonstrated in this question.

For output escaping, that's quite a bit easier. Preferably, when inserting data into the object sent to the presentation layer, you'll want to use the `String output = ESAPI.encoder().encodeForHTML(s);` family of methods. The full list of methods is defined here.
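The validate-then-encode flow the answer describes, as an added example that is not part of the question or the answer above: it assumes a JNDI-provided DataSource and a hypothetical Validator.Comment pattern in validation.properties, and it also binds the value as a JDBC parameter for the PostgreSQL insert, since HTML escaping does nothing for SQL.

```java
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.errors.ValidationException;

// Assumes ESAPI.properties and validation.properties are on the classpath and that
// validation.properties defines a hypothetical key such as
//   Validator.Comment=^[\\p{L}\\p{N}\\p{Punct}\\p{Space}]{1,500}$
public class CommentServlet extends HttpServlet {
    private DataSource dataSource; // assumed to be looked up via JNDI at init time

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String comment;
        try {
            // Input validation: canonicalize, then allow-list against the
            // "Validator.Comment" regex; reject bad input instead of "cleaning" it.
            comment = ESAPI.validator().getValidInput(
                    "comment field", req.getParameter("comment"), "Comment", 500, false);
        } catch (ValidationException e) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid comment");
            return;
        }

        // Persistence: bind the value as a parameter so PostgreSQL never parses
        // it as part of the statement (HTML escaping is irrelevant here).
        try (Connection c = dataSource.getConnection();
             PreparedStatement ps = c.prepareStatement(
                     "INSERT INTO comments (body) VALUES (?)")) {
            ps.setString(1, comment);
            ps.executeUpdate();
        } catch (SQLException e) {
            throw new ServletException(e);
        }

        // Output encoding: escape at the point of rendering, for the HTML body context.
        resp.setContentType("text/html; charset=UTF-8");
        resp.getWriter().write("<p>" + ESAPI.encoder().encodeForHTML(comment) + "</p>");
    }
}
```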

Tags: java, input, sanitize, owasp, esapi
