<bean id="dataSource" class="org.apache.tomcat.jdbc.pool.DataSource" destroy-method="close">
    <property name="driverClassName" value="${jdbc.driverClassName}" />
    <property name="url" value="${jdbc.url}" />
    <property name="username" value="${jdbc.username}" />
    <property name="password" value="${jdbc.password}" />
    <property name="initialSize" value="10" />
    <property name="maxActive" value="50" />
    <property name="maxIdle" value="10" />
    <property name="maxWait" value="100" />
    <property name="name" value="Tomcat Connection Pool" />
</bean>

<dependency>
    <groupId>org.apache.tomcat</groupId>
    <artifactId>tomcat-jdbc</artifactId>
    <version>7.0.79</version>
</dependency>

<filter>
    <filter-name>XSS</filter-name>
    <display-name>XSS</display-name>
    <description></description>
    <filter-class>com.filter.CrossScriptingFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>XSS</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

package com.filter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.log4j.Logger;

public final class RequestWrapper extends HttpServletRequestWrapper {
    private static Logger logger = Logger.getLogger(RequestWrapper.class);

    // HttpServletRequestWrapper has no default constructor, so the wrapped request is passed to super.
    public RequestWrapper(HttpServletRequest servletRequest) {
        super(servletRequest);
    }
}

package com.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

<form:input path="name" htmlEscape="true" />

<spring:htmlEscape defaultHtmlEscape="true" />

<context-param>
    <param-name>defaultHtmlEscape</param-name>
    <param-value>true</param-value>
</context-param>

<form id="personForm">
    <input type="text" name="name" value="">Hacker<script>alert("I am destroyer");</script>"/>
    <input type="submit" value="Submit">
</form>

<form:form id="personForm">
    <form:input path="name" />
    <input type="submit" value="Submit">
</form:form>