How to prevent cross-site scripting (XSS)

You should HTML escape any input before outputting it back to the user.

留言

張貼留言

這個網誌中的熱門文章

10 Tips for Proper Application Logging

圖片
Reference: https://www.javacodegeeks.com/2011/01/10-tips-proper-application-logging.html   Our latest   JCP partner ,   Tomasz Nurkiewicz , has submitted a number of posts describing the basic principles of proper application   logging . I found them quite interesting, thus I decided to aggregate them in a more compact format and present them to you. So, here are his suggestions for clean and helpful logs:(NOTE: The original posts have been slightly edited to improve readability) 1) Use the appropriate tools for the job Many programmers seem to forget how important is logging an application’s behavior and its current activity. When somebody puts: 1 log.info( "Happy and carefree logging" ); happily somewhere in the code, he probably doesn’t realize the importance of application logs during maintenance, tuning and failure identification. Underestimating the value of good logs is a terrible mistake. In my opinion, SLF4J is the best logging API availab...
閱讀完整內容

java.lang.NoClassDefFoundError: org/apache/xerces/jaxp/datatype/XMLGregorianCalendarImpl$Parser

When you encounter the following error that related to web service. java.lang.NoClassDefFoundError: org/apache/xerces/jaxp/datatype/XMLGregorianCalendarImpl$Parser Solution 1: Ensure no xercesImpl.jar in your classpath since the implementation of xerce is built-in wiht JAVA SE 1.6. Solution 2: Use XmlJavaTypeAdapter [ @XmlJavaTypeAdapter(JaxbDateAdapter.class)] to convert XMLGregorianCalendar type to Date type. XMLGregorianCalendar is the built-in Java data type for JAXB mapping with datetime. Example: Binding.xjb <?xml version="1.0" encoding="UTF-8"?> <bindings xmlns="http://java.sun.com/xml/ns/jaxb"                 xmlns:xsi="http://www.w3.org/2000/10/XMLSchema-instance"                 xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc"               ...
閱讀完整內容

MS SQL Server: EXECUTE permission denied on xp_sqljdbc_xa_init_ex

When attempting to start the system using MS SQL Server 2008 R2 you get an exception like: javax.transaction.xa.XAException: com.microsoft.sqlserver.jdbc_SQLServerException: failed to create the XA control connection. Error: "The EXECUTE permission was denied on the object 'xp_sqljdbc_xa_init_ex', database 'master' schema 'dbo' To fix the problem you should add user for master database with SqlJDBCXAUser permission. or you may execute the following command (also need to grant right first) EXEC sp_addrolemember [SqlJDBCXAUser], 'username'
閱讀完整內容