How to easily validate input fields against entering (java)script-input
Hello, if no validation is put on a string input field, there is a possibility that potentially harmful scripts can be entered which could be executed when, for example, the data is retrieved to the client. I was wondering if anyone knows of a non-invasive way to stop these scripts from being entered / saved to the database. I'm afraid that if I add a validation rule with a regular expression to each string attribute in my domain models, it will decrease the performance. Does anyone have experience with this?
Not sure if this is what you need, but there is a function in the community commons:
XSSSanitize - Removes all potential dangerous HTML from a string so that it can be safely displayed in a browser. This function should be applied to all HTML which is displayed in the browser and can be entered by (untrusted) users.