Putting XSS Filter and CharacterEncodingFilter together

**anjibman** · Dec 8th, 2012, 02:29 PM

Hi All,

I had already written a XSS Filter to reject invalid input. But my application can still send invalid character/script to the browser. I want to prevent these in response object also. For that I think I can use CharacterEncodingFilter (correct me if I am wrong).

My web.xml already have:

Code:

<!-- URLRewrite Filter -->
	<filter-name>xssFilter</filter-name>
		<filter-class>com.anjib.filter.XssFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>xssFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

How can I give specify another filter with same url pattern without conflicting?

Thanks

**Marten Deinum** · Dec 9th, 2012, 02:46 AM

By simply adding it... You can have as many filters on the same pattern as you like...

**anjibman** · Dec 9th, 2012, 06:48 AM

Does CharacterEncodingFilter convert "<" to "<". I am trying to put filter to do so for the response going from server to browser.

**Marten Deinum** · Dec 10th, 2012, 01:41 AM

No... It enforces/set a character encoding (the scheme) it doesn't convert characters...

Also why are you building your own there are already security filters out there (like HDIV for instance) ... Which offer what you want.

Thread: Putting XSS Filter and CharacterEncodingFilter together

Thread Tools

Display

Putting XSS Filter and CharacterEncodingFilter together

Posting Permissions