
Filters cross-site scripting (XSS) from requests (for the Spring Framework); it can also be used in servlet-based applications that do not use the Spring Framework.

Primary language: Java. License: Apache License 2.0 (Apache-2.0).

XssRequestFilters

Filter the Cross-site scripting

Use the @XxsFilter custom annotation on the controller methods where you wish to filter cross-site scripting. It will remove all XSS from the request parameters.

Example:

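```java
import java.util.Map;

import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;
// XxsFilter is this project's custom annotation; import it from the project's package.

@Controller
public class TestController {

    // Requests to "/" are passed through the XSS filter.
    @XxsFilter
    @RequestMapping("/")
    public ModelAndView index(Model model, BindingResult result, Map map) {
        // logic
        return new ModelAndView();
    }

    // Requests to "/save" are passed through the XSS filter.
    @XxsFilter
    @RequestMapping("/save")
    public ModelAndView save(Model model, BindingResult result, Map map) {
        // logic
        return new ModelAndView();
    }

    // Requests to "/update" are passed through the XSS filter.
    @XxsFilter
    @RequestMapping("/update")
    public ModelAndView update(Model model, BindingResult result, Map map) {
        // logic
        return new ModelAndView();
    }
}
```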

The filter picks up only those requests whose handler methods are annotated with @XxsFilter.

XssFiltersConfiguration:

This component finds every URL whose action is annotated with @XxsFilter and collects those URLs into a list, which is picked up by CustomXssFilter.

CustomXssFilter:

This filter acts only on requests whose action is annotated with @XxsFilter (with the help of XssFiltersConfiguration).

CaptureRequestWrapper:

This class is responsible for filtering XSS out of the request. You can add or remove XSS handling logic in the #stripXSS method of CaptureRequestWrapper. CustomXssFilter uses this class to remove XSS from the request.
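
The following request wrapper illustrates the role described above for CaptureRequestWrapper and its stripXSS method. It is an added example, not the project's own code: the class name and the deny-list patterns are assumptions, and it uses the javax.servlet API (jakarta.servlet on newer containers).

```java
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Hypothetical name; plays the role the README gives CaptureRequestWrapper.
public class XssStrippingRequestWrapper extends HttpServletRequestWrapper {

    // Constructed deny-list for illustration; the project's own rules are not shown on the page.
    private static final Pattern[] PATTERNS = {
        Pattern.compile("<script[^>]*>.*?</script\\s*>", Pattern.CASE_INSENSITIVE | Pattern.DOTALL),
        Pattern.compile("</?script[^>]*>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("javascript\\s*:", Pattern.CASE_INSENSITIVE),
        Pattern.compile("\\bon\\w+\\s*=", Pattern.CASE_INSENSITIVE),
    };

    public XssStrippingRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    // Only these two accessors are filtered here. Code that reads getParameterMap()
    // or request headers still sees raw values and would need the same treatment.
    @Override
    public String getParameter(String name) {
        return stripXSS(super.getParameter(name));
    }

    @Override
    public String[] getParameterValues(String name) {
        String[] values = super.getParameterValues(name);
        if (values == null) return null;
        String[] cleaned = new String[values.length];
        for (int i = 0; i < values.length; i++) cleaned[i] = stripXSS(values[i]);
        return cleaned;
    }

    // Re-applies the patterns until the value stops changing, so that removing
    // one match cannot leave behind text that forms a new match.
    static String stripXSS(String value) {
        if (value == null) return null;
        String previous;
        do {
            previous = value;
            for (Pattern p : PATTERNS) value = p.matcher(value).replaceAll("");
        } while (!value.equals(previous));
        return value;
    }
}
```

Stripping on input is a deny-list, so it complements rather than replaces encoding values for their output context when they are rendered.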

FilterConfig:

This component registers CustomXssFilter if any @XxsFilter annotation is used in a URL mapping. If @XxsFilter is not used anywhere in the application, CustomXssFilter is disabled.

## Please create a new issue if you find any problem. You can also create a pull request for improvements. Thank you!