Stripes XSS Interceptor

Secures Stripes applications against XSS (Cross Site Scripting) attacks.

License	License The Apache Software License, Version 2.0
Categories	Categories Stripe Business Logic Libraries Financial
GroupId	GroupId com.samaxes.stripes
ArtifactId	ArtifactId stripesafe
Last Version	Last Version 1.0.1
Release Date	Release Date Nov 11, 2013
Type	Type jar
Description	Description Stripes XSS Interceptor Secures Stripes applications against XSS (Cross Site Scripting) attacks.
Project URL	Project URL https://github.com/StripesFramework/stripes-xss
Project Organization	Project Organization samaxes
Source Code Management	Source Code Management http://github.com/StripesFramework/stripes-xss

Download stripesafe

Filename	Size
stripesafe-1.0.1.pom
stripesafe-1.0.1.jar	4 KB
stripesafe-1.0.1-sources.jar	4 KB
stripesafe-1.0.1-javadoc.jar	31 KB
Browse

How to add to project

Apache Maven

<!-- https://jarcasting.com/artifacts/com.samaxes.stripes/stripesafe/ -->
<dependency>
    <groupId>com.samaxes.stripes</groupId>
    <artifactId>stripesafe</artifactId>
    <version>1.0.1</version>
</dependency>

Gradle Groovy

// https://jarcasting.com/artifacts/com.samaxes.stripes/stripesafe/
implementation 'com.samaxes.stripes:stripesafe:1.0.1'

Gradle Kotlin

// https://jarcasting.com/artifacts/com.samaxes.stripes/stripesafe/
implementation ("com.samaxes.stripes:stripesafe:1.0.1")

Apache Buildr

'com.samaxes.stripes:stripesafe:jar:1.0.1'

Apache Ivy

<dependency org="com.samaxes.stripes" name="stripesafe" rev="1.0.1">
  <artifact name="stripesafe" type="jar" />
</dependency>

Groovy Grape

@Grapes(
@Grab(group='com.samaxes.stripes', module='stripesafe', version='1.0.1')
)

Scala SBT

libraryDependencies += "com.samaxes.stripes" % "stripesafe" % "1.0.1"

Leiningen

[com.samaxes.stripes/stripesafe "1.0.1"]

Dependencies

compile (1)

Group / Artifact	Type	Version
net.sourceforge.stripes : stripes Optional	jar	1.5.7

provided (1)

Group / Artifact	Type	Version
javax.servlet : servlet-api	jar	2.5

Project Modules

There are no modules declared in this project.

Stripes XSS Interceptor

Stripes XSS Interceptor escapes all the parameters that Stripes binds during its Validation & Binding phase using a wrapped request object (a convenient implementation of the HttpServletRequest interface). The code follows the XSS (Cross Site Scripting) security guidance posted at Open Web Application Security Project (OWASP).

NOTE: Parameters gotten manually through request.getParameter() are not sanitized.

This project is an update of the excellent XSS filter from Jeff Ferber and contain the following changes:

All external dependencies have been removed except for Servlet API and Stripes Framework.
The class sun.text.Normalizer has been replaced with the newer java.text.Normalizer shipped with Java SE 6. Please read Why Developers Should Not Write Programs That Call 'sun' Packages.

Configuration

Maven Configuration

Add Stripes XSS Interceptor dependency to your project:

<dependency>
    <groupId>com.samaxes.stripes</groupId>
    <artifactId>stripesafe</artifactId>
    <version>VERSION</version>
</dependency>

Stripes filter configuration

Add Stripes XSS Interceptor to Stripes filter Extension.Packages configuration in web.xml:

<init-param>
    <param-name>Extension.Packages</param-name>
    <param-value>com.samaxes.stripes.xss</param-value>
</init-param>

License

This distribution is licensed under the terms of the Apache License, Version 2.0 (see LICENSE.txt).

Stripes Framework

Versions

Version
1.0.1 Nov 11, 2013
1.0 Jun 29, 2010

Stripes XSS Interceptor

License

Categories

GroupId

ArtifactId

Last Version

Release Date

Type

Description

Project URL

Project Organization

Source Code Management

Download stripesafe

How to add to project

Dependencies

compile (1)

provided (1)

Project Modules

Stripes XSS Interceptor

Configuration

Maven Configuration

Stripes filter configuration

License

Stripes Framework

Versions