Java server side validation for HTML and other invalid inputs


How can I prevent users from entering HTML or JavaScript tags in input fields in Spring MVC? There should be a server-side validation. I am working on a project with thousands of JSPs and controllers. How can I do this?
If you want a server side solution, you could implement a redirect filter that eliminates everything that contains javascript tags and javascript code. Another way is to check the input values in the controller's method that is associated with it.
You probably have to redesign a few things. First, you should always validate the user input twice: once client-side, once server-side.
Thus, you will need to validate the user input in your JavaScript code (using a Regexp probably), and to validate it again in your Java code.
If your application follows the usual design patterns, your controller receives a DTO as a parameter to the entry point. There you can use the @Valid annotation and add all the necessary rules on the fields of your DTO (using javax.validation annotations).
While there may be many possible answers, one of them is using the JSR 303 validator framework.
You can include Hibernate Validator to use the JSR 303 framework.
The first step is applying different types of constraints on your class. For example
(example taken from: Hibernate Validator Reference, 1.2. Applying constraints):
package org.hibernate.validator.referenceguide.chapter01;

import javax.validation.constraints.Min;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size;

public class Car {

    @NotNull // manufacturer must never be null
    private String manufacturer;

    @NotNull
    @Size(min = 2, max = 14) // licensePlate must never be null and must be between 2 and 14 characters long
    private String licensePlate;

    @Min(2)
    private int seatCount; // seatCount must be at least 2

    // getters and setters ...
}
Now in your controller, use the @Valid annotation to validate your car object and also pass a BindingResult parameter, which will tell you whether this object is valid or not:
import javax.validation.Valid;

import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
@RequestMapping("/car")
public class CarController {

    @RequestMapping(value = "/newcar", method = RequestMethod.POST)
    public String addCustomer(@Valid Car car, BindingResult result) {
        if (result.hasErrors()) {
            // car data is not valid, enter data again
            return "AddNewCar.jsp";
        } else {
            // save car logic here
            return "CarSavedSuccessfully.jsp";
        }
    }
}
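The built-in javax.validation constraints above check presence and length, but nothing in them rejects markup, which is what the question asks for. The following is an added example, not code from any of the answers or from the Hibernate Validator reference guide: it defines a custom JSR 303 constraint that refuses the angle-bracket characters every HTML or script tag needs, applies it to a DTO in the style of the Car class, and validates a clean and a tainted form programmatically. It assumes Hibernate Validator (javax.validation namespace, as in the answer's imports) is on the classpath; the names NoHtml, NoHtmlValidator, CarForm and check are made up for this example. In a Spring MVC controller a @Valid CarForm parameter runs exactly these constraints and reports the failures through BindingResult.

```java
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.util.Set;

import javax.validation.Constraint;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
import javax.validation.ConstraintViolation;
import javax.validation.Payload;
import javax.validation.Validation;
import javax.validation.Validator;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size;

public class NoHtmlExample {

    // Custom JSR 303 constraint (hypothetical name): the annotated String must not
    // contain the '<' or '>' characters that every HTML or script tag requires.
    @Documented
    @Constraint(validatedBy = NoHtmlValidator.class)
    @Target({ElementType.FIELD, ElementType.PARAMETER})
    @Retention(RetentionPolicy.RUNTIME)
    public @interface NoHtml {
        String message() default "must not contain HTML or script markup";
        Class<?>[] groups() default {};
        Class<? extends Payload>[] payload() default {};
    }

    // Validator backing @NoHtml. Null is reported as valid so that @NotNull, not this
    // constraint, decides whether a missing value is an error.
    public static class NoHtmlValidator implements ConstraintValidator<NoHtml, String> {
        @Override
        public void initialize(NoHtml constraint) {
        }

        @Override
        public boolean isValid(String value, ConstraintValidatorContext ctx) {
            if (value == null) {
                return true;
            }
            return value.indexOf('<') < 0 && value.indexOf('>') < 0;
        }
    }

    // DTO in the style of the Car class above. Bound as a @Valid parameter in a
    // Spring MVC controller, these annotations are evaluated before the method body runs.
    public static class CarForm {
        @NotNull
        @NoHtml
        @Size(max = 50)
        private final String manufacturer;

        @NotNull
        @NoHtml
        @Size(min = 2, max = 14)
        private final String licensePlate;

        public CarForm(String manufacturer, String licensePlate) {
            this.manufacturer = manufacturer;
            this.licensePlate = licensePlate;
        }

        public String getManufacturer() { return manufacturer; }
        public String getLicensePlate() { return licensePlate; }
    }

    private static final Validator VALIDATOR =
            Validation.buildDefaultValidatorFactory().getValidator();

    // Runs every constraint on the form; an empty set means the form is valid.
    public static Set<ConstraintViolation<CarForm>> check(CarForm form) {
        return VALIDATOR.validate(form);
    }

    public static void main(String[] args) {
        // Constructed sample input: one clean form, one whose manufacturer carries a script tag.
        CarForm clean = new CarForm("Morris", "AB-1234");
        CarForm tainted = new CarForm("<script>alert(1)</script>", "AB-1234");

        System.out.println("clean form violations: " + check(clean).size());
        for (ConstraintViolation<CarForm> v : check(tainted)) {
            System.out.println("tainted form: " + v.getPropertyPath() + " " + v.getMessage());
        }
    }
}
```

Rejecting angle brackets outright is a reasonable rule for fields that are plain text by nature, such as a manufacturer name or a licence plate, and it gives the user a clear error instead of silently stripping characters. It does not replace escaping the values when the JSPs render them (for example with JSTL's c:out, which escapes XML by default): input validation stops markup from being stored, output encoding stops it from executing, and with thousands of JSPs both layers matter.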
