Adib Saikali opened SPR-9823 and commented
Protecting against XSS attacks when building RESTful web services in Spring MVC is important. Currently, as of version 3.1, this has to be done manually. It would be highly useful to have a set of annotations that can be put onto objects that are the result of message converters, which will cause the strings in those objects to go through a standard HTML sanitizer framework such as http://code.google.com/p/owasp-java-html-sanitizer/
I propose something along the lines of:

```java
@RequestMapping(... etc)
public @ResponseBody @HtmlSanitize ResponseJson post(@RequestBody @HtmlSanitize RequestJson request) {
    // method code
}
```
Integration of XSS sanitization into SpringMVC would benefit everyone that uses SpringMVC. Spring MVC can create some sort of pluggable solution so that the solution is not tied to a single sanitization framework or a single data format.
2 votes, 4 watchers
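
A minimal sketch of the mechanism this request describes, added here as an example and not part of the original issue or of Spring: a hypothetical `@HtmlSanitize` parameter annotation, a pluggable sanitizer function, and a dispatcher standing in for the framework. `CommentJson`, `sanitizeFields`, `invoke` and the escaping stand-in are assumptions made for illustration; it uses only the JDK.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.function.UnaryOperator;

public class HtmlSanitizeDemo {
    // Hypothetical annotation named after the issue's proposal; not a Spring API.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.PARAMETER)
    @interface HtmlSanitize {}

    // Constructed payload type standing in for a deserialized @RequestBody.
    static class CommentJson {
        String body; String author;
        CommentJson(String body, String author) { this.body = body; this.author = author; }
    }

    // Stand-in sanitizer (plain HTML escaping). The pluggable slot could instead take an
    // allow-list sanitizer such as the OWASP Java HTML Sanitizer's PolicyFactory::sanitize.
    static final UnaryOperator<String> ESCAPE = s -> s.replace("&", "&amp;")
        .replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&#39;");

    // Rewrites every String field of obj in place (one level deep, no collections).
    static void sanitizeFields(Object obj, UnaryOperator<String> sanitizer) throws IllegalAccessException {
        for (Field f : obj.getClass().getDeclaredFields()) {
            if (f.getType() != String.class || Modifier.isStatic(f.getModifiers())) continue;
            f.setAccessible(true);
            String v = (String) f.get(obj);
            if (v != null) f.set(obj, sanitizer.apply(v));
        }
    }

    // Plays the framework's role: sanitize annotated arguments, then call the handler.
    static Object invoke(Object target, Method m, UnaryOperator<String> s, Object... args) throws Exception {
        Annotation[][] anns = m.getParameterAnnotations();
        for (int i = 0; i < args.length; i++)
            for (Annotation a : anns[i])
                if (a instanceof HtmlSanitize && args[i] != null) sanitizeFields(args[i], s);
        return m.invoke(target, args);
    }

    // Handler in the shape the issue sketches.
    public String post(@HtmlSanitize CommentJson req) { return req.author + ": " + req.body; }

    public static void main(String[] args) throws Exception {
        Method m = HtmlSanitizeDemo.class.getMethod("post", CommentJson.class);
        CommentJson in = new CommentJson("<img src=x onerror=alert(1)>", "bob"); // constructed input
        System.out.println(invoke(new HtmlSanitizeDemo(), m, ESCAPE, in));
    }
}
```

Because the sanitizer is passed in as a function, the handler and the annotation stay independent of any one sanitization library, which is the pluggability the request asks for.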
Comment From: spring-projects-issues
Bulk closing outdated, unresolved issues. Please, reopen if still relevant.
Comment From: Blackbaud-JasonBodnar
This is still relevant and needed.