XSS Sanitizer for Stripes Framework


Stripes XSS Interceptor

Stripes XSS Interceptor escapes all the parameters that Stripes binds during its Validation & Binding phase. It does so through a wrapped request object (a convenient implementation of the HttpServletRequest interface). The code follows the XSS (Cross-Site Scripting) security guidance published by the Open Web Application Security Project (OWASP).

NOTE: Parameters read directly through request.getParameter() are not sanitized.

This project is an update of the excellent XSS filter from Jeff Ferber and contains the following changes:


Maven Configuration

Add Stripes XSS Interceptor dependency to your project:


Stripes filter configuration

Add Stripes XSS Interceptor to the Stripes filter's Extension.Packages configuration in web.xml:



This distribution is licensed under the terms of the Apache License, Version 2.0 (see LICENSE.txt).