Displaying BLOB objects in a Java web project while avoiding persistent cross-site scripting? _Java_Database_Security_Blob_Xss - Fatal编程技术网


How can I display data that is stored as a BLOB object in a Java web project and avoid a persistent cross-site scripting vulnerability?

The method respond() in ViewDeliveredReportsPage.java sends unvalidated data to the web browser on line 2775, which could cause the browser to execute malicious code.

2773 byte[] barray = new byte[byteLen];
2774 barray = blob.getBytes(1,byteLen);
2775 httpResponse.getOutputStream().write(barray);
2776 } catch (SQLException e) {
2777 logger.error("ERROR onSelectionChanged

You need to escape the data before passing it on to be displayed. The OWASP ESAPI library looks like a good choice. You can find it here:

This cheat sheet is worth reading:

// requires: import java.nio.charset.StandardCharsets;
byte[] barray = blob.getBytes(1, byteLen); // Blob positions are 1-based
// ESAPI's encoder works on Strings, not byte[], so decode the bytes first.
// UTF-8 is assumed here; use the charset the data was actually stored in.
String text = new String(barray, StandardCharsets.UTF_8);
String output = ESAPI.encoder().encodeForHTML(text);
// OutputStream.write() takes bytes, not a String: encode with the same
// charset the response declares in its Content-Type. The principle is the same.
httpResponse.getOutputStream().write(output.getBytes(StandardCharsets.UTF_8));
} catch (SQLException e) {
logger.error("ERROR onSelectionChanged
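Added example, not part of the original question or answer and not code from the project the question describes. It assumes the standard javax.servlet HttpServletResponse and java.sql.Blob APIs, a hypothetical class name BlobResponder, and a small htmlEncode helper standing in for ESAPI's encodeForHTML so that it compiles without that library. It shows the "before" pattern from the question beside two hardened forms, because escaping is only the right fix when the BLOB holds text that the page renders inline: if the BLOB is a delivered report file (PDF, image, CSV), HTML-encoding corrupts it, and the way to keep the browser from executing its contents is a fixed, allow-listed Content-Type, X-Content-Type-Options: nosniff, and an attachment disposition with a sanitized filename.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.sql.Blob;
import java.sql.SQLException;
import java.util.Map;

import javax.servlet.http.HttpServletResponse;

// Hypothetical helper class (not from the original project).
public class BlobResponder {

    // The pattern from the question: raw BLOB bytes go to the browser with no
    // encoding and no Content-Type, so a stored "<script>...</script>" runs in
    // every viewer's browser. Kept as the "before" for comparison only.
    public static void respondUnsafe(Blob blob, HttpServletResponse resp)
            throws SQLException, IOException {
        byte[] barray = blob.getBytes(1, (int) blob.length()); // Blob positions are 1-based
        resp.getOutputStream().write(barray);
    }

    // Minimal entity encoding for text placed in an HTML element body.
    // ESAPI.encoder().encodeForHTML(String) from the answer does the same job;
    // this stand-in keeps the example free of that dependency.
    public static String htmlEncode(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                case '/':  sb.append("&#x2F;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Case 1: the BLOB holds text that the page renders inline as HTML content.
    // Decode with the charset the data was stored in (UTF-8 assumed), encode
    // for the HTML context, and declare the charset so the browser cannot
    // re-interpret the bytes under a different encoding.
    public static void respondAsHtmlText(Blob blob, HttpServletResponse resp)
            throws SQLException, IOException {
        byte[] raw = blob.getBytes(1, (int) blob.length());
        String text = new String(raw, StandardCharsets.UTF_8);
        String safe = htmlEncode(text);
        resp.setContentType("text/html; charset=UTF-8");
        resp.setHeader("X-Content-Type-Options", "nosniff");
        resp.getOutputStream().write(safe.getBytes(StandardCharsets.UTF_8));
    }

    // Case 2: the BLOB is a delivered file. HTML-encoding would corrupt it; the
    // XSS risk here is the browser sniffing or rendering the bytes as HTML, so
    // pin an allow-listed Content-Type, forbid sniffing, and serve it as an
    // attachment rather than inline. The allow-list itself is an assumption.
    private static final Map<String, String> ALLOWED_TYPES = Map.of(
            "pdf", "application/pdf",
            "png", "image/png",
            "csv", "text/csv");

    public static void respondAsDownload(Blob blob, String extension, String fileName,
                                         HttpServletResponse resp)
            throws SQLException, IOException {
        String type = ALLOWED_TYPES.get(extension.toLowerCase());
        if (type == null) {
            resp.sendError(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
            return;
        }
        resp.setContentType(type);
        resp.setHeader("X-Content-Type-Options", "nosniff");
        resp.setHeader("Content-Disposition",
                "attachment; filename=\"" + safeFileName(fileName) + "\"");
        // Stream instead of getBytes(1, (int) length): a BLOB longer than
        // Integer.MAX_VALUE would be truncated by the cast, and a large report
        // need not be held in memory at once.
        try (InputStream in = blob.getBinaryStream();
             OutputStream out = resp.getOutputStream()) {
            in.transferTo(out);
        }
    }

    // Keep the Content-Disposition value free of quotes, CR/LF and path
    // separators so a stored filename cannot inject headers or break out of
    // the quoted parameter.
    public static String safeFileName(String name) {
        String cleaned = name.replaceAll("[^A-Za-z0-9._-]", "_");
        return cleaned.isEmpty() ? "report" : cleaned;
    }
}
```

Which of the two hardened methods applies depends on what ViewDeliveredReportsPage actually stores in the BLOB; the original respond() is unsafe in both cases because it neither encodes the bytes nor tells the browser what they are, which leaves the browser free to sniff them as HTML.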