Sanitizing user input.
807569 Jul 7 2006 — edited Jul 12 2006

Does anyone have any ideas for sanitizing user input in the Servlet/JSP world without doing it on a field by field basis?
We have a fully developed webapp that does no user input sanitizing and I would like to implement it somehow without doing it for every input field in every form.
We essentially need to be able to escape HTML entities to avoid cross-site scripting attacks.
I thought of using a filter but don't know how it would intercept the request and modify the request parameters before hitting already existing code.
Any ideas?
Thanks.