I am creating Rest Web services Using Spring & passing parameters to the method from model class.
My inputs parameters are as
{
"user_id": 23,
"user_email_id": "q@q.c",
"user_password": "fdsdsdf",
"firstname": "<script>window.alert(‘surprise!’);</script>",
"lastname": "kdfgkdf",
"mobile_number": "1414141414",
"user_status": 1,
"isdeleted": 0,
"created_by": 1,
"profile_picturename": "kfksdjfhksjd",
"address": "sfdsdfsd"
}
& My ReST controller method is as
@RequestMapping(value = "/validate", method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
public Object AddUser(@Valid @RequestBody UserInputModel userInputModel, BindingResult br, HttpServletResponse response) throws Exception {
//Logic
}
Here i want to make sure that passing parameter dont contain any Xss or how can i make sure that HTML encoder will work for my input model
Thanks in advance
Use Hibernate Validator's @SafeHtml annotation:
You need to add jsoup as a dependency
Example:
@Entity
public class Foo {
@SafeHtml(...)
private String firstName;
}
Then if you validate the entity, it will be not valid if firstName contains xss