Sverre Huseby examines some security issues with Spring-MVC. As it turns out, the Spring JSP form-taglib provides no HTML-escaping by default, which makes it very easy to introduce Cross-Site Scripting vulnerabilities into the code. The article comes complete with a standalone application that illustrates the problem.