How to convert unsafe strings into safe strings for preventing XSS attacks?
843841, Jan 9 2008 (edited Jan 10 2008)

Hi,
for the last thirty minutes I searched the Internet for an easy and totally safe method for encoding strings before inserting them into the response. Usually this is done by an HTML encoding function, but it looks like Java does not have such a function, and the implementations I found did not look as if they would withstand a real hacker.
As any J2EE application that displays user-generated content requires such a function, there has to be such a function; otherwise all J2EE applications would be vulnerable to XSS attacks.
Could someone please show me where to find such an encoding function?
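The kind of function the post is asking for, as an added example that is not part of the original thread and not code from any answer in it. It takes the allowlist approach: every character that is not a letter, digit or a handful of HTML-neutral punctuation marks is emitted as a numeric character reference, so nothing in the output can close a tag, open a new one, or break out of a quoted attribute value. The class name `HtmlEncoder` and method name `encodeForHtml` are assumptions chosen for the example.

```java
// Added example (not from the original thread): an allowlist-based HTML
// encoder for the HTML element-content and double-quoted attribute-value
// contexts. JavaScript, URL and CSS contexts need their own encoders.
public final class HtmlEncoder {

    private HtmlEncoder() {}

    /** Encodes s for insertion into HTML text or a double-quoted attribute value. */
    public static String encodeForHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length() + 16);
        int i = 0;
        while (i < s.length()) {
            int cp = s.codePointAt(i);
            i += Character.charCount(cp);
            if (isSafe(cp)) {
                out.appendCodePoint(cp);
            } else {
                // Numeric reference, e.g. '<' -> "&#60;". Works for every code point,
                // supplementary ones included, and also neutralises non-ASCII bytes
                // that could be misread under a wrong response charset.
                out.append("&#").append(cp).append(';');
            }
        }
        return out.toString();
    }

    // Allowlist: ASCII letters, digits, and punctuation that has no meaning in HTML.
    // Anything not listed here is encoded, so a forgotten character fails safe.
    private static boolean isSafe(int cp) {
        if ((cp >= 'a' && cp <= 'z') || (cp >= 'A' && cp <= 'Z') || (cp >= '0' && cp <= '9')) {
            return true;
        }
        switch (cp) {
            case ' ': case ',': case '.': case '-': case '_': case ':': case '!': case '?': case '(': case ')':
                return true;
            default:
                return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample of user-supplied content that contains markup.
        String userInput = "Bob <b>says</b> \"hi\" & 'bye' </td>";
        String safe = encodeForHtml(userInput);
        // Both insertion points are now inert: the browser renders the literal text.
        System.out.println("<td>" + safe + "</td>");
        System.out.println("<input value=\"" + safe + "\">");
    }
}
```

Two points worth keeping in mind when using something like this: the encoder only covers the HTML body and quoted-attribute contexts, so a value dropped into a `<script>` block, an `href`, or an inline style needs context-specific encoding instead; and a maintained library such as the OWASP Java Encoder is preferable to a hand-rolled class in production, because the library is reviewed against exactly the edge cases the post worries about. The allowlist design is what makes the example safe to reason about: rather than listing dangerous characters and hoping the list is complete, it lists the few known-harmless ones and encodes everything else.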