View xss-filter.xml
<!--
  Declares a servlet filter named "XSS" implemented by com.filter.CrossScriptingFilter.
  The filter's logic is not visible in this descriptor.
  NOTE(review): a request-side filter that rewrites incoming values is defence in depth only.
  It cannot know the context (HTML body, attribute, JavaScript, URL) in which a value is later
  rendered, so context-aware output encoding in the views is still required. Confirm which
  inputs the filter actually covers (parameters, headers, request bodies).
-->
<filter>
<filter-name>XSS</filter-name>
<display-name>XSS</display-name>
<description></description>
<filter-class>com.filter.CrossScriptingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>XSS</filter-name>
<url-pattern>/*</url-pattern>
View RequestWrapper.java
package com.filter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.log4j.Logger;
public final class RequestWrapper extends HttpServletRequestWrapper {
private static Logger logger = Logger.getLogger(RequestWrapper.class);
public RequestWrapper(HttpServletRequest servletRequest) {
View CrossScriptingFilter.java
package com.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
View form-html-escape.xml
<%-- htmlEscape="true" makes this Spring form tag HTML-escape the bound "name" value when it renders the input.
     HTML escaping protects HTML element and attribute contexts only; a value written into a
     script block, an event handler or a URL needs encoding for that context instead. --%>
<form:input path="name" htmlEscape="true" />
View spring-html-escape.xml
<%-- Turns HTML escaping on by default for the Spring tags on this page. A page-level setting
     takes precedence over the defaultHtmlEscape context-param, and an individual tag's
     htmlEscape attribute can still override it, so review any tag that sets htmlEscape="false". --%>
<spring:htmlEscape defaultHtmlEscape="true" />
View context-params-xss.xml
<!--
  Application-wide default: Spring's JSP tags HTML-escape their output unless a page or tag
  overrides it. This setting only affects output produced through the Spring tag libraries.
  Values printed with raw EL expressions or scriptlets are not covered and need explicit
  escaping (for example via JSTL c:out).
-->
<context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>
View spring-form-html-escaped.jsp
<!-- Rendered output with HTML escaping applied: the quote and angle-bracket characters in the
     submitted name appear as entities (&quot; &gt; &lt;), so the browser treats the whole value
     as inert attribute text and neither closes the attribute nor parses the markup. -->
<form id="personForm">
<input type="text" name="name" value="&quot;&gt;Hacker&lt;script&gt;alert(&quot;I am destroyer&quot;);&lt;/script&gt;"/>
<input type="submit" value="Submit">
</form>
View spring-form.jsp
<%-- JSP source for the person form. The form:input tag sets no htmlEscape attribute, so whether
     the bound "name" value is escaped depends on the page-level or application-level default.
     NOTE(review): confirm the effective default for the Spring version in use, or set
     htmlEscape explicitly on the tag. --%>
<form:form id="personForm">
<form:input path="name" />
<input type="submit" value="Submit">
</form:form>
View HashMapAdd
public class HashMap<K,V>
extends AbstractMap<K,V>
implements Map<K,V>, Cloneable, Serializable
{
public V put(K key, V value) {
if(key is already present in map) {
return oldValue;
}
View HashSet
public class HashSet<E>
extends AbstractSet<E>
implements Set<E>, Cloneable, java.io.Serializable
{
private transient HashMap<E,Object> map;
// Dummy value to associate with an Object in the backing Map
private static final Object PRESENT = new Object();