Security – Stefan Hendriks' blog

Paypal, vulnerability through obscurity?

I have been member of Paypal for quite some time, and I use it rarely. When I use it, I want it to be a quick, seamless experience. I log in, do my business, log out. Thats it. Reality is different. Although I must admit, it does not help that I forget my password every […]

Prevent cross-site scripting when using JSON objects using ESAPI and Jackson framework 1.7.x

Recently I have had the opportunity to fix a cross-site-scripting problem. The problem: a lot of JSON objects are being sent over the wire and the data is not being html escaped. This means that anyone who would put html data IN would get it out and make any user vulnerable for XSS attacks. In […]

Stefan Hendriks' blog

sharing my passion about software and game development

Category: Security

Paypal, vulnerability through obscurity?

Prevent cross-site scripting when using JSON objects using ESAPI and Jackson framework 1.7.x

Share this:

Share this: