NVelocity and XSS

NVelocity is a view engine for MonoRail. It’s quite handy and it’s not difficult to deliver such views.

One of the flaws I can name is security. By default there’s not much support for it. For instance, it’s possible to perform XSS (cross-site scripting) attacks by providing XHTML or JavaScript code.

I spent some time googling for existing solutions for that MAJOR issue but I failed to find anything interesting. The most useful information I’ve found was the article called “Cross Site Scripting and letting the framework deal with it”. According to its author, Oren Eini, some support for HTML encoding has been implemented for Brail, which is another MonoRail view engine. But… I’m interested in NVelocity, not Brail!

Should you discover anything interesting on that topic, please post a link as a comment for this post. I’d be grateful.
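The default behaviour described above (a template reference written to the page without HTML encoding) next to one mitigation, as an added example that is not part of the original post or of MonoRail. It assumes the NVelocity assembly is referenced and .NET 4.0 or later for `WebUtility`; `BuildContext`, `Render` and the sample comment are hypothetical names and constructed input.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;      // WebUtility.HtmlEncode (.NET 4.0+)
using NVelocity;
using NVelocity.App;

static class EncodedViewDemo
{
    // Hypothetical helper: copies a model into an NVelocity context and,
    // when asked, HTML-encodes every string value so markup renders as text.
    // HTML encoding covers element content and quoted attribute values only;
    // values placed inside <script> blocks or URLs need their own encoding.
    static VelocityContext BuildContext(IDictionary<string, object> model, bool encode)
    {
        var ctx = new VelocityContext();
        foreach (var pair in model)
        {
            var text = pair.Value as string;
            object value = (encode && text != null) ? WebUtility.HtmlEncode(text) : pair.Value;
            ctx.Put(pair.Key, value);
        }
        return ctx;
    }

    // Renders an inline template string against the given context.
    static string Render(VelocityEngine engine, string template, VelocityContext ctx)
    {
        using (var writer = new StringWriter())
        {
            engine.Evaluate(ctx, writer, "demo", template);
            return writer.ToString();
        }
    }

    static void Main()
    {
        var engine = new VelocityEngine();
        engine.Init();

        // Constructed sample input standing in for a user-supplied comment.
        var model = new Dictionary<string, object> { { "comment", "<script>alert(1)</script>" } };
        const string template = "<p>$comment</p>";

        // Default: the reference is written into the page verbatim.
        Console.WriteLine(Render(engine, template, BuildContext(model, false)));
        // Encoded: the same input is emitted as inert text.
        Console.WriteLine(Render(engine, template, BuildContext(model, true)));
    }
}
```

Encoding at the point where values enter the context has to be repeated in every controller, so a value that skips the helper is rendered raw.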
