Grails plugin for sanitizing XSS from the user input.
Java Groovy
Switch branches/tags
Latest commit c747766 Sep 16, 2015 @tonyzampogna tonyzampogna Merge pull request #7 from mathifonseca/master
Updated dependencies and added config to disable plugin


Grails plugin for sanitizing XSS from the user input.

This plugin uses OWASP ESAPI library to sanitize request parameters. This reduces the risk of dangerous XSS request parameters possibly being rendered on the client.


To use the plugin, add this to your BuildConfig.groovy:

runtime ":xss-sanitizer:0.3"


This plugin will add the automatic ability to strip / clean out unwanted XSS code in the browser. The plugin strips code that comes in via the request object. Also, any Servlets will use an extend HttpServletRequest so that request parameters used from that servlet will be stripped as well.

Just adding this plugin to you project with the installation instructions above will activate it. No other actions are needed.

There is an XssSanitizerUtil class that can also be used to strip strings out.

Also, you can enable or disable it by adding a key in your Config.groovy like this:

xssSanitizer.enabled = true