Reading Three Parameters:
Result
31
Servlets
www.corewebprogramming.com
Filtering Strings for 
HTML Specific Characters
You cannot safely insert arbitrary strings 
into servlet output
< and > can cause problems anywhere
& and " cause problems inside of HTML attributes
You sometimes cannot manually translate
String is derived from a program excerpt or another 
source where it is already in standard format
String is derived from HTML form data
Failing to filter special characters makes 
you vulnerable to cross site scripting attack
http://www.cert.org/advisories/CA 2000 02.html
http://www.microsoft.com/technet/security/crssite.asp
See filter method of ServletUtilities at 
http://www.corewebprogramming.com
32
Servlets
www.corewebprogramming.com
16




  

Home

About Services Network Support FAQ Order Contact
 

Servlet Web Hosting

Our partners:Jsp Web Hosting Unlimited Web Hosting Cheapest Web Hosting  Java Web Hosting Web Templates Best Web Templates PHP Mysql Web Hosting Interland Web Hosting Cheap Web Hosting PHP Web Hosting Tomcat Web Hosting Quality Web Hosting Best Web Hosting  Mac Web Hosting 

Lunarwebhost.net  Business web hosting division of Vision Web Hosting Inc. All rights reserved