import org.owasp.esapi.ESAPI;
import org.owasp.esapi.codecs.Codec;
import org.owasp.esapi.codecs.MySQLCodec;
-import org.owasp.esapi.codecs.MySQLCodec.Mode;
import org.owasp.esapi.codecs.OracleCodec;
+import org.owasp.esapi.codecs.MySQLCodec.Mode;
public class SecurityXssValidator {
Boolean flag = Boolean.FALSE;
try {
if (StringUtils.isNotBlank(value)) {
+ if (value.contains("×eclgn"))
+ {
+ logger.info(EELFLoggerDelegate.applicationLogger, "denyXSS() replacing ×eclgn with empty string for request value : " + value);
+ value=value.replaceAll("×eclgn", "");
+ }
value = ESAPI.encoder().canonicalize(value);
for (Pattern xssInputPattern : XSS_INPUT_PATTERNS) {
if (xssInputPattern.matcher(value).matches()) {
}
} catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, "denyXSS() failed", e);
+ logger.error(EELFLoggerDelegate.errorLogger, "denyXSS() failed for request with value : " + value, e);
}
return flag;
public void setXSS_INPUT_PATTERNS(List<Pattern> xSS_INPUT_PATTERNS) {
XSS_INPUT_PATTERNS = xSS_INPUT_PATTERNS;
}
+
}
\ No newline at end of file