I am working on fixing the XSS vulnerability of a website which is using smartgwt. Is there any tutorial on cross site scripting with smartgwt? Will smartgwt handle XSS automatically? Or can someone give an overview or some guidelines of how to fix XSS with smartgwt?
-
Hello roywang,
As a starter: did you read the Quick Start Guide, and did you see DataSourceField.escapeHTML?
Best regards,
Blama
-
Hello roywang,
The QSG is not on XSS, but SmartGWT in general and definitely a good read.
You should also read the FAQ thread here, and you can use the forum search. I know that the XSS topic came up sometime this year.
Basically I think you are fine with either escapeHtml or Validators disallowing HTML special characters to be entered.
Best regards,
Blama
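
The two options named in the reply above, shown together on one DataSource. This is an added example, not code from the thread or from the SmartGWT project; the class name, DataSource ID, field names and the regular expression are hypothetical.

```java
import com.smartgwt.client.data.DataSource;
import com.smartgwt.client.data.fields.DataSourceIntegerField;
import com.smartgwt.client.data.fields.DataSourceTextField;
import com.smartgwt.client.widgets.form.validator.RegExpValidator;

// Hypothetical DataSource for user-submitted comments.
public class CommentDS extends DataSource {

    public CommentDS() {
        setID("commentDS");   // assumed ID
        setClientOnly(true);  // keeps the sketch self-contained

        DataSourceIntegerField id = new DataSourceIntegerField("id");
        id.setPrimaryKey(true);
        id.setHidden(true);

        // Option 1: output escaping. Free text may legitimately contain
        // characters such as < or &, so the value is accepted as typed and
        // escaped when a databound component (ListGrid, DetailViewer, ...)
        // displays it, instead of being interpreted as HTML.
        DataSourceTextField body = new DataSourceTextField("body", "Comment");
        body.setEscapeHTML(true);

        // Option 2: input validation. A short name has no need for HTML
        // special characters, so values containing them are rejected.
        DataSourceTextField author = new DataSourceTextField("author", "Author");
        RegExpValidator noHtmlChars = new RegExpValidator();
        noHtmlChars.setExpression("^[^<>&\"']*$"); // assumed character policy
        noHtmlChars.setErrorMessage("The characters < > & \" ' are not allowed.");
        author.setValidators(noHtmlChars);
        // Escaping is still applied on display, in case older records were
        // stored before the validator existed.
        author.setEscapeHTML(true);

        setFields(id, body, author);
    }
}
```

A validator declared this way runs in the browser, so the server should enforce the same rule on every save request.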