regex - Ways to prevent SQL Injection Attack & XSS in Java Web Application


I'm writing a Java class that will be invoked by the servlet filter and will check for injection attacks and XSS in a Struts-based Java web application. The InjectionAttackChecker class uses regex and the java.util.regex.Pattern class to validate the input against the specified pattern.

With this, I have the following questions:

  1. All special characters and character patterns (for example: comma, period, hyphen, <=, ==, >=) should be blocked so that injection attacks can be prevented.
  2. Is there an existing regex pattern that I can use?
  3. I have to allow certain character patterns in some specific cases. Some example values (to be allowed; the 'pipe' | character is used as the separator between different values): Atlanta | #654, BLDG 8 #501 | Herpes Simplex: Chronic ulcer(s) (>1 month duration) or Bronchitis, Pneumonitis, or Esophagitis. FUNC & Compact (Datacamp), "NDI and Malakk & HRANNIN (ICD10, HA)". What strategy should I adopt so that injection attacks and XSS can be prevented, but these character patterns are also allowed?

I hope that I have stated the question clearly, but if I have not, I apologize; please tell me if any clarification is necessary.

Based on your questions, I'm assuming that you want to filter out bad values. Personally, I feel that this method can become very complex very quickly, and I would suggest encoding values as an alternative approach. There is an IBM article on this subject which discusses the pros and cons of both methods.
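As an added example (not code from the question or from either answer), the following Java class puts a character blocklist of the kind item 1 describes next to the question's own sample values, and then shows the alternative this answer recommends: encoding the value for the HTML context in which it is rendered, so that the legitimate characters survive but cannot start markup. The class and method names, and the blocklist itself, are assumptions.

```java
import java.util.List;
import java.util.regex.Pattern;

// Added example, not code from the question or the answers. FilterVersusEncode,
// blockedByFilter and encodeForHtml are assumed names; the blocklist is a guess
// at what item 1 of the question would look like in practice.
public class FilterVersusEncode {

    // Blocklist in the spirit of item 1: reject any input containing one of these.
    private static final Pattern BLOCKLIST =
        Pattern.compile("[<>&\"'#()|]|<=|>=|==");

    static boolean blockedByFilter(String input) {
        return BLOCKLIST.matcher(input).find();
    }

    // Encode the five characters that are significant in HTML text and
    // double- or single-quoted attribute values. Everything else passes
    // through unchanged, so "#654", "(>1 month)" and "A & B" stay readable.
    static String encodeForHtml(String input) {
        StringBuilder sb = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Legitimate sample values quoted from the question.
        List<String> legitimate = List.of(
            "Atlanta | #654, BLDG 8 #501",
            "Herpes Simplex: Chronic ulcer(s) (>1 month duration) or Bronchitis, Pneumonitis, or Esophagitis",
            "FUNC & Compact (Datacamp)");
        // Constructed value containing markup, to show what the encoder does with it.
        String markup = "<b>unexpected markup</b>";

        for (String v : legitimate) {
            // Every one of these is rejected by the blocklist because of '#', '(', '>' or '&'.
            System.out.println("blocklist rejects legitimate value: " + blockedByFilter(v));
            System.out.println("encoded for HTML: " + encodeForHtml(v));
        }
        System.out.println("encoded markup: " + encodeForHtml(markup));
    }
}
```

The blocklist rejects all three of the question's legitimate values, which is the "very complex very quickly" problem: each business exception widens the regex until it blocks nothing useful. The encoder never has to decide whether a value is good or bad; it only makes the value inert in the context where it is written out. Encoding is context-specific, though: this routine is for HTML text and attribute values, and a value placed into JavaScript, a URL or CSS needs the encoder for that context instead.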

To avoid SQL injection attacks, use prepared statements instead of just building the SQL string.
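An added Java example of what this answer recommends (not the answerer's own code): the same lookup written once with string concatenation and once with a PreparedStatement. The patient table and its columns are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

// Added example, not the answer's own code. The "patient" table and its
// "last_name" and "diagnosis" columns are assumptions.
public class PatientLookup {

    // The pattern the answer warns against: the value is spliced into the SQL
    // text, so a quote in the value (even a legitimate one such as O'Brien)
    // changes the structure of the statement instead of being data.
    static List<String> diagnosesConcatenated(Connection conn, String lastName)
            throws SQLException {
        String sql = "SELECT diagnosis FROM patient WHERE last_name = '" + lastName + "'";
        List<String> out = new ArrayList<>();
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            while (rs.next()) {
                out.add(rs.getString("diagnosis"));
            }
        }
        return out;
    }

    // The recommended form: the statement text is fixed and contains only a
    // placeholder; the driver sends the value separately, so quotes, '#',
    // '--' or ';' inside it are just characters of the value.
    static List<String> diagnoses(Connection conn, String lastName)
            throws SQLException {
        String sql = "SELECT diagnosis FROM patient WHERE last_name = ?";
        List<String> out = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, lastName);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    out.add(rs.getString("diagnosis"));
                }
            }
        }
        return out;
    }
}
```

The placeholder version also accepts the question's values unchanged, including the '#', '(' and '>' characters, because they never reach the SQL parser as syntax. Note that a parameter can stand in only for a value; if a table or column name must vary at runtime, check it against a fixed allowlist in code before building the statement.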

