I have created a new project named Stripes XSS Interceptor.

This project escapes all the parameters that Stripes Framework binds during its Validation & Binding phase using a wrapped request object (a convenient implementation of the HttpServletRequest interface).

The code follows the XSS (Cross Site Scripting) security guidance posted at OWASP (Open Web Application Security Project).

Please feel free to report any bug you find in the project’s Issue Tracker.

Comments

comments powered by Disqus