开发者

I'm looking for set of good practices to secure html form handle

开发者 https://www.devze.com 2023-02-01 15:36 出处:网络
In my web app the input from html forms goes to a database and then to html (like forums or comments).

In my web app the input from html forms goes to a database and then to html (like forums or comments).

I want to know how should I secure my web app? 开发者_运维知识库Which characters (html tags) should I remove from the textarea?

My web app is in Spring MVC, but rules may be more general.


If you use

<c:out value="text" />

core tag it will escape characters and they won't be interpreted as html code. It has an attribute called escapeXml which can be true or false to escape characters, but it is true by default.

0

精彩评论

暂无评论...
验证码 换一张
取 消