
Security problems using Spring JsonView - How do I escape the javascript or HTML

开发者 https://www.devze.com 2023-01-28 16:24 Source: Internet

I'm now using Spring JSON view to generate some of the outputs. To avoid XSS attacks, we sometimes need to filter the output, escaping JavaScript and HTML tags. What is the best way to do it with Spring JSON view? Do I have to write my own JsonViewWriter or can I simply use sojoJsonWriter and jsonlibJsonWriter with some extra configurations?

Any suggestion will be appreciated!

John


Not sure which Json View you're referring to (there are several), but if it's the "official" one, "org.springframework.web.servlet.view.json.MappingJacksonJsonView", you can do it in two ways:

1. Use Jackson annotations on your specific data types to customize the serialization.
2. Write a custom org.codehaus.jackson.map.JsonSerializer which does what you want and plug it in the factory used by your object mapper.

0
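The second option from the answer above, as an added example that is not part of the original post or of Spring's own code: a String serializer that HTML-escapes every value, registered on the ObjectMapper handed to MappingJacksonJsonView. It assumes Jackson 1.7 or later (for SimpleModule) and that the consuming page inserts these values into HTML; the class names EscapingJsonViewFactory and HtmlEscapingStringSerializer are hypothetical.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;

import org.codehaus.jackson.JsonGenerator;
import org.codehaus.jackson.Version;
import org.codehaus.jackson.map.JsonSerializer;
import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jackson.map.SerializerProvider;
import org.codehaus.jackson.map.module.SimpleModule;
import org.springframework.web.servlet.view.json.MappingJacksonJsonView;
import org.springframework.web.util.HtmlUtils;

/** Hypothetical helper: builds a MappingJacksonJsonView whose String values are HTML-escaped. */
public class EscapingJsonViewFactory {

    /** Applied to every non-null String value; property names and map keys are not touched. */
    static class HtmlEscapingStringSerializer extends JsonSerializer<String> {
        @Override
        public void serialize(String value, JsonGenerator jgen, SerializerProvider provider)
                throws IOException {
            // Jackson still does the JSON quoting; only HTML metacharacters are replaced here.
            jgen.writeString(HtmlUtils.htmlEscape(value));
        }
    }

    /** ObjectMapper with the escaping serializer registered for String.class. */
    public static ObjectMapper escapingMapper() {
        SimpleModule module = new SimpleModule("HtmlEscaping", new Version(1, 0, 0, null));
        module.addSerializer(String.class, new HtmlEscapingStringSerializer());
        ObjectMapper mapper = new ObjectMapper();
        mapper.registerModule(module);
        return mapper;
    }

    /** View to declare as a bean in place of a default MappingJacksonJsonView. */
    public static MappingJacksonJsonView escapingJsonView() {
        MappingJacksonJsonView view = new MappingJacksonJsonView();
        view.setObjectMapper(escapingMapper());
        return view;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample model, serialized directly so no servlet container is needed.
        Map<String, String> model = new LinkedHashMap<String, String>();
        model.put("comment", "<script>alert(1)</script>");
        System.out.println(escapingMapper().writeValueAsString(model));
    }
}
```

Because the escaping happens at serialization time, clients that render these values as plain text will see the HTML entities literally, so the client-side rendering path still needs to be consistent with this choice.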
