[WEB SECURITY] HTMLEncoding in textarea in java
mike
mike9966 at rediffmail.com
Tue Sep 9 11:18:48 EDT 2008
Hi,
I have an instance where user-supplied data is initially stored in the database and later displayed back in the <textarea> field to the browser.
When I try to encode the value using server.encodeHTML, the script still executes in the browser, leading to XSS.
To give an instance,
<bc:textarea name="userdata" id="userdata" (this,255);"'>${addEditConfigurationForm.userdata}</bc:textarea>
Kindly let me know how to implement encoding in this instance to mitigate XSS.
Thanks
Mike
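
Output encoding for a value rendered as the body of a <textarea>, as an added Java example that is not part of the original message. The class and method names and the stored sample value are constructed for illustration; in a JSP, JSTL's <c:out> and fn:escapeXml perform the same escaping.

```java
public class TextareaEncoding {

    // Escape the characters that are significant in HTML element content and
    // attribute values. Hypothetical helper name, not an API from the post.
    static String escapeHtml(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Build the element the way a template would, with the value as body text.
    // The caller decides whether bodyText has been encoded, so both cases can be compared.
    static String renderTextarea(String name, String bodyText) {
        String safeName = escapeHtml(name);
        return "<textarea name=\"" + safeName + "\" id=\"" + safeName + "\">"
                + bodyText + "</textarea>";
    }

    public static void main(String[] args) {
        // Constructed sample of a stored value that closes the textarea early.
        String stored = "note</textarea><script>alert(1)</script>";

        // Unencoded: the stored markup ends the element and the rest is parsed as HTML.
        System.out.println(renderTextarea("userdata", stored));

        // Encoded at output time: the browser shows the text inside the field.
        System.out.println(renderTextarea("userdata", escapeHtml(stored)));

        // Encoding on write and again on read double-escapes the value,
        // so store the raw value and encode once, at the point of output.
        System.out.println(escapeHtml(escapeHtml("a & b")));
    }
}
```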