Stripes XSS Interceptor

Secures Stripes applications against XSS (Cross Site Scripting) attacks.

License:
Categories: Stripe Business Logic Libraries Financial
GroupId: com.samaxes.stripes
ArtifactId: stripesafe
Last Version: 1.0.1
Release Date:
Type: jar
Description: Stripes XSS Interceptor. Secures Stripes applications against XSS (Cross Site Scripting) attacks.
Project URL: https://github.com/StripesFramework/stripes-xss
Project Organization: samaxes
Source Code Management: http://github.com/StripesFramework/stripes-xss

Download stripesafe

How to add to project

Maven:

<!-- https://jarcasting.com/artifacts/com.samaxes.stripes/stripesafe/ -->
<dependency>
    <groupId>com.samaxes.stripes</groupId>
    <artifactId>stripesafe</artifactId>
    <version>1.0.1</version>
</dependency>

Gradle (Groovy DSL):

// https://jarcasting.com/artifacts/com.samaxes.stripes/stripesafe/
implementation 'com.samaxes.stripes:stripesafe:1.0.1'

Gradle (Kotlin DSL):

// https://jarcasting.com/artifacts/com.samaxes.stripes/stripesafe/
implementation ("com.samaxes.stripes:stripesafe:1.0.1")

Buildr:

'com.samaxes.stripes:stripesafe:jar:1.0.1'

Ivy:

<dependency org="com.samaxes.stripes" name="stripesafe" rev="1.0.1">
  <artifact name="stripesafe" type="jar" />
</dependency>

Grape:

@Grapes(
@Grab(group='com.samaxes.stripes', module='stripesafe', version='1.0.1')
)

SBT:

libraryDependencies += "com.samaxes.stripes" % "stripesafe" % "1.0.1"

Leiningen:

[com.samaxes.stripes/stripesafe "1.0.1"]

Dependencies

compile (1)

Group / Artifact Type Version
net.sourceforge.stripes : stripes Optional jar 1.5.7

provided (1)

Group / Artifact Type Version
javax.servlet : servlet-api jar 2.5

Project Modules

There are no modules declared in this project.

Stripes XSS Interceptor

Stripes XSS Interceptor escapes all the parameters that Stripes binds during its Validation & Binding phase, using a wrapped request object (a convenience implementation of the HttpServletRequest interface). The code follows the XSS (Cross Site Scripting) security guidance published by the Open Web Application Security Project (OWASP).

NOTE: Parameters retrieved manually through request.getParameter() are not sanitized.

This project is an update of the excellent XSS filter from Jeff Ferber and contains the following changes:

Configuration

Maven Configuration

Add Stripes XSS Interceptor dependency to your project:

<dependency>
    <groupId>com.samaxes.stripes</groupId>
    <artifactId>stripesafe</artifactId>
    <version>VERSION</version>
</dependency>

Stripes filter configuration

Add Stripes XSS Interceptor to the Stripes filter's Extension.Packages configuration in web.xml:

<init-param>
    <param-name>Extension.Packages</param-name>
    <param-value>com.samaxes.stripes.xss</param-value>
</init-param>

License

This distribution is licensed under the terms of the Apache License, Version 2.0 (see LICENSE.txt).

com.samaxes.stripes

Stripes Framework

Versions

Version
1.0.1
1.0