How to sanitise request body in spring boot if some attributes contain these values


Is there any library available to encode these if present as values, e.g. HTML attributes, JS events, scripts, or expressions evaluating to true? Though it should escape values like ">50000" or "<232", i.e. any "<" or ">" used with numeric values. Or how to encode these based on whitelisting, etc.?

<script>alert(1709881302027)</scipt>;
<script /**/>/**/alert(1709881242160)/**/</script /**/
<IMG onmouseover="alert('xxs')">
&gt;&lt;script&gt;alert(1709881242161)&lt;/script&gt;
%3Cscript%3Ealert%281%29%3C%2Fscript%3E1709881242161
javascript:alert(1709881302029)
1 OR 1=1 ; -- OR 1 OR 1=1 ;
' OR '1'='1
1 OR 1=1;

In the case of the OWASP library, it also encodes every occurrence of <, ' etc., even if they are not HTML attributes or JS events.

Answer by Malvin Lok

I am assuming you are referring to the XSS problem?

But no XSS defenses are perfect. Maybe you could try:

OWASP Java HTML Sanitizer
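The following is an added example, not code from the question or the answer above, showing how the OWASP Java HTML Sanitizer can be wired into a Spring Boot JSON request body so that only free-text fields are sanitised and numeric fields never carry strings like ">50000" in the first place. The class names (SanitizingRequestExample, CommentRequest, SanitizedStringDeserializer), the /comments endpoint and the Maven artifact coordinates are assumptions for illustration; the sanitizer API calls (HtmlPolicyBuilder, PolicyFactory, Sanitizers) are the library's own.

```java
// Added example, not from the original post. Assumes the dependency
// com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer and
// spring-boot-starter-web (Jackson) on the classpath.
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

import java.io.IOException;

public class SanitizingRequestExample {

    /**
     * Allow-list policy: plain formatting tags plus links. Anything not on the
     * list (script, img with event handlers, javascript: URLs, comment tricks)
     * is removed, and stray '<' / '>' in text come back as HTML entities.
     */
    static final PolicyFactory TEXT_POLICY =
            new HtmlPolicyBuilder()
                    .allowElements("b", "i", "em", "strong", "p", "br")
                    .toFactory()
                    .and(Sanitizers.LINKS);   // adds <a href> with safe schemes only

    /** Jackson deserializer applied to the string fields we choose to sanitise. */
    public static class SanitizedStringDeserializer extends JsonDeserializer<String> {
        @Override
        public String deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
            String raw = p.getValueAsString();
            return raw == null ? null : TEXT_POLICY.sanitize(raw);
        }
    }

    /** Hypothetical request DTO: only the free-text field goes through the sanitizer. */
    public static class CommentRequest {
        @JsonDeserialize(using = SanitizedStringDeserializer.class)
        private String body;          // rendered as HTML later, so sanitise on the way in

        private Integer threshold;    // declared as a number: ">50000" is rejected by
                                      // Jackson as a type error, never "escaped"

        public String getBody() { return body; }
        public void setBody(String body) { this.body = body; }
        public Integer getThreshold() { return threshold; }
        public void setThreshold(Integer threshold) { this.threshold = threshold; }
    }

    /** Hypothetical controller; Jackson has already sanitised body by the time we see it. */
    @RestController
    public static class CommentController {
        @PostMapping("/comments")
        public String create(@RequestBody CommentRequest req) {
            return "stored " + req.getBody().length() + " chars, threshold=" + req.getThreshold();
        }
    }

    /** Stand-alone check of the policy on a few constructed inputs. */
    public static void main(String[] args) {
        String[] samples = {
                "<script>alert(1)</script>hello",
                "<IMG onmouseover=\"alert('xxs')\">",
                "<a href=\"javascript:alert(1)\">x</a>",
                "<b>bold</b> and <a href=\"https://example.com\">ok</a>",
                ">50000"
        };
        for (String s : samples) {
            System.out.println(s + "  ->  " + TEXT_POLICY.sanitize(s));
        }
    }
}
```

Two points of design. First, the sanitizer is an HTML tool: a value such as ">50000" in a string field comes back entity-encoded (">" becomes "&gt;"), which renders correctly in a page but is no longer the original characters, so fields that are compared or stored as numbers should be typed as numbers and validated with Bean Validation rather than sanitised as text. Second, the "1 OR 1=1" style payloads in the question are not addressed by any HTML sanitizer; they are neutralised by parameterised queries (PreparedStatement, Spring Data, JPA parameters), independent of what the request body contains.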