ters, output escaping is recommended because it provides a second level of defense. Note that the exact escape sequence can vary depending on where the output is embedded. For example, untrusted output may occur in an HTML value attribute, CSS, URL, or script; the output encoding routine will be different in each case. It is also impossible to securely use untrusted data in some contexts. Consult the OWASP XSS (Cross-Site Scripting) Prevention Cheat Sheet for more information on preventing XSS attacks (www.owasp.org/index.php/XSS_Prevention_Cheat_Sheet).
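To make the "different routine for each context" point concrete, here is an added example (not code from the guideline, and not a substitute for a vetted library such as the OWASP Java Encoder) with one encoder per output context. The class name OutputEncoder and the sample input are constructed for illustration; note that the same untrusted string must be encoded differently for HTML content, a quoted attribute, a JavaScript string literal, and a URL parameter, and that applying the HTML-content encoder inside a script block would not be sufficient.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public final class OutputEncoder {
    // Text between HTML tags: the five characters that can change HTML structure.
    public static String forHtmlContent(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
    // Quoted HTML attribute value: entity-encode everything except ASCII alphanumerics.
    public static String forHtmlAttribute(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            if (c < 128 && Character.isLetterOrDigit(c)) sb.append(c);
            else sb.append("&#x").append(Integer.toHexString(c)).append(';');
        }
        return sb.toString();
    }
    // JavaScript string literal inside <script>: \xHH / \uHHHH escapes, never HTML entities.
    public static String forJavaScriptString(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            if (c < 128 && Character.isLetterOrDigit(c)) sb.append(c);
            else if (c < 256) sb.append(String.format("\\x%02X", (int) c));
            else sb.append(String.format("\\u%04X", (int) c));
        }
        return sb.toString();
    }
    // URL query parameter value: percent-encoding of the UTF-8 bytes.
    public static String forUrlParameter(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }
    public static void main(String[] args) {
        String untrusted = "\"><script>alert(1)</script>"; // constructed sample input
        System.out.println("<p>" + forHtmlContent(untrusted) + "</p>");
        System.out.println("<input value=\"" + forHtmlAttribute(untrusted) + "\">");
        System.out.println("<script>var q = '" + forJavaScriptString(untrusted) + "';</script>");
        System.out.println("<a href=\"/search?q=" + forUrlParameter(untrusted) + "\">link</a>");
    }
}
```

The attribute encoder assumes the attribute value is enclosed in quotes; unquoted attributes have a larger set of terminating characters and are best avoided altogether.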
Applicability
Failure to encode or escape output before it is displayed or passed across a trust boundary
can result in the execution of arbitrary code.
Related Vulnerabilities
The Apache GERONIMO-1474 vulnerability, reported in January 2006, allowed attackers to submit URLs containing JavaScript. The Web Access Log Viewer failed to sanitize the data it forwarded to the administrator console, thereby enabling a classic XSS attack.
Bibliography
[Long 2012] IDS01-J. Normalize strings before validating them
[OWASP 2011] Cross-Site Scripting (XSS)
[OWASP 2013] How to Add Validation Logic to HttpServletRequest; XSS (Cross-Site Scripting) Prevention Cheat Sheet
7. Prevent code injection
Code injection can occur when untrusted input is injected into dynamically constructed code. One obvious source of potential vulnerabilities is the use of JavaScript from Java code. The javax.script package consists of interfaces and classes that define Java scripting engines and a framework for the use of those interfaces and classes in Java code. Misuse of the javax.script API permits an attacker to execute arbitrary code on the target system.
This guideline is a specific instance of The CERT® Oracle® Secure Coding Standard for Java [Long 2012], "IDS00-J. Sanitize untrusted data passed across a trust boundary."