@ControllerAdvice
public class BaseControllerAdvice {
@InitBinder
protected void initBinder(WebDataBinder webDatabinder) {
//controller all received parameters, perform HTML encoding with String to prevent XSS attacks
binder.registerCustomEditor(String.class, new PropertyEditorSupport() {
public String getAsText() {
Object text= getValue() ;
return text!= null ? text.toString() : "";
} public void setAsText(String text) { setValue(text == null ? null : StringEscapeUtils.escapeHtml4(text.trim())); } }); }
}