Java server side validation for HTML and other invalid inputs
How can I prevent users from entering HTML or JavaScript tags in an input type in Spring MVC? There should be server-side validation. I am working on a project with thousands of JSPs and controllers. How can I do this?
If you want a server-side solution, you could implement a redirect filter that eliminates everything that contains JavaScript tags and JavaScript code. Another way is to check the input values in the controller's method that is associated with it.
You probably have to redesign a few things. First, you should always validate the user input twice: once client-side, once server-side. Thus, you will need to validate the user input in your JavaScript code (using a Regexp probably), and to validate it again in your Java code. If your application follows the usual design patterns, your controller receives a DTO as a parameter to the entry-point. There you can use the @Valid annotation and add all the necessary rules on the fields of your DTO (using javax.validation annotations).
While there may be many possible answers, one of them is using the JSR 303 validator framework. You can include Hibernate Validator to use the JSR 303 framework. The first step is applying different types of constraints on your class. For example (taken from: Hibernate Validator - Reference - 1.2. Applying constraints):

```java
package org.hibernate.validator.referenceguide.chapter01;

import javax.validation.constraints.Min;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size;

public class Car {

    @NotNull // manufacturer must never be null
    private String manufacturer;

    @NotNull
    @Size(min = 2, max = 14) // licensePlate must never be null and must be between 2 and 14 characters long
    private String licensePlate;

    @Min(2)
    private int seatCount; // seatCount must be at least 2

    // getters and setters ...
}
```

Now in your controller, use the @Valid annotation to validate your car object and also pass a BindingResult parameter, that will validate whether this object is valid or not:

```java
import javax.validation.Valid;

import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
@RequestMapping("/car")
public class CarController {

    @RequestMapping(value = "/newcar", method = RequestMethod.POST)
    public String addCustomer(@Valid Car car, BindingResult result) {
        if (result.hasErrors()) {
            // car data is not valid, enter data again
            return "AddNewCar.jsp";
        } else {
            // save car logic here
            return "CarSavedSuccessfully.jsp";
        }
    }
}
```
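The annotation-based approach from the answers, applied to the question's actual requirement, as an added example that is not from the original answers: a custom Bean Validation constraint that rejects markup in a String field. `NoMarkup`, `NoMarkupValidator`, `CommentForm` and the sample inputs are hypothetical, and a provider such as Hibernate Validator is assumed to be on the classpath.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.util.Set;
import javax.validation.Constraint;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
import javax.validation.ConstraintViolation;
import javax.validation.Payload;
import javax.validation.Validation;
import javax.validation.Validator;

public class NoMarkupDemo {
    // Hypothetical custom constraint (not part of javax.validation).
    @Target(ElementType.FIELD)
    @Retention(RetentionPolicy.RUNTIME)
    @Constraint(validatedBy = NoMarkupValidator.class)
    public @interface NoMarkup {
        String message() default "must not contain HTML or script markup";
        Class<?>[] groups() default {};
        Class<? extends Payload>[] payload() default {};
    }

    public static class NoMarkupValidator implements ConstraintValidator<NoMarkup, String> {
        @Override
        public void initialize(NoMarkup constraint) { }
        @Override
        public boolean isValid(String value, ConstraintValidatorContext context) {
            // null is left to @NotNull; any angle bracket is rejected, since every tag needs one
            return value == null || (value.indexOf('<') < 0 && value.indexOf('>') < 0);
        }
    }

    // Constructed sample DTO; in a controller it would be the @Valid method parameter.
    public static class CommentForm {
        @NoMarkup
        private final String text;
        public CommentForm(String text) { this.text = text; }
    }

    public static void main(String[] args) {
        Validator validator = Validation.buildDefaultValidatorFactory().getValidator();
        for (String input : new String[] {"Nice car", "<script>x</script>", "a <b>bold</b> word"}) {
            Set<ConstraintViolation<CommentForm>> errors = validator.validate(new CommentForm(input));
            System.out.println(input + " -> " + (errors.isEmpty() ? "accepted" : errors.iterator().next().getMessage()));
        }
    }
}
```

Annotating existing DTO fields this way lets `@Valid` and `BindingResult` in the controller report the violation. Values still need to be escaped when a JSP renders them, for example with JSTL `<c:out>`.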