How to deal with XSS attacks
XSS attacks
An XSS (script injection) attack uses JavaScript or the DOM: the attacker submits a script, the script is later displayed as part of the page, and it breaks the normal structure of the page. It can also send users to phishing sites that steal their information.
For example, if a comment on the page contains <script> alert ( "Malu Si !!") </script>, then another user who opens the page gets a popup saying Malu Si !!
Likewise, if a comment is <script> location.href = www.xxx.com </script>, the browser jumps to that page and your own page never comes up.
An attacker can build an exact imitation of your website, so that users jump to the phishing site and have their information stolen there.
Protecting against XSS attacks
Intercept all requests and convert special characters into HTML entities
1. Start by creating a class that implements Filter, then write the filter code in it.
2. Create an HttpServletRequest class that extends HttpServletRequestWrapper.
StringEscapeUtils.escapeHtml4() comes from the commons.lang package.
3. In the filter, create a new instance of this HttpServletRequest class and pass it on.
Then configure the filter in web.xml.
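
The three steps above as one added Java example (not code from the original page). It assumes the javax.servlet API and Apache Commons Lang 3 are on the classpath; the class names XssFilter and XssRequest are hypothetical.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.lang3.StringEscapeUtils;

// Hypothetical class name. Register it in web.xml with a <filter> entry and a
// <filter-mapping> whose <url-pattern> is /* so every request passes through.
public class XssFilter implements Filter {
    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Step 3: wrap the original request and hand the wrapper down the chain.
        chain.doFilter(new XssRequest((HttpServletRequest) req), res);
    }

    // Step 2: wrapper that HTML-escapes every parameter value when it is read.
    static class XssRequest extends HttpServletRequestWrapper {
        XssRequest(HttpServletRequest request) { super(request); }

        @Override
        public String getParameter(String name) {
            String value = super.getParameter(name);
            return value == null ? null : StringEscapeUtils.escapeHtml4(value);
        }
        @Override
        public String[] getParameterValues(String name) {
            String[] values = super.getParameterValues(name);
            if (values == null) return null;
            String[] out = new String[values.length];
            for (int i = 0; i < values.length; i++) {
                out[i] = StringEscapeUtils.escapeHtml4(values[i]);
            }
            return out;
        }
        @Override
        public Map<String, String[]> getParameterMap() {
            // Rebuild the map so callers that iterate it also get escaped values.
            Map<String, String[]> out = new HashMap<>();
            for (String name : super.getParameterMap().keySet()) {
                out.put(name, getParameterValues(name));
            }
            return out;
        }
    }
}
```

The wrapper only covers values read through getParameter, getParameterValues and getParameterMap; headers and bodies read through getInputStream or getReader (JSON, for example) pass through unescaped. escapeHtml4 does not escape the single quote, so the escaped values are suitable for HTML body text but not for single-quoted attributes, inline JavaScript or URLs, which need encoding for that context at output time.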