Implementación de filtro para XMLHTTPRequest/Response Caso de problema de seguridad de división de respuesta Http

I need to handle the HTTP Response Splitting Issue for a ajax call through the XMLHTTPRequest/Response. I am using a filter for filtering the servlet request and response and have defined inner classes for the wrapper in which the methods are overridden to check for any presence of CR/LF characters. Now I need to do the same for the AJAX request. The filter is configured in the web.xml. so every request and response can be tracked. This implementation is done and working fine. And I need to have the same implementation for this AJAX request and response. But I am not been able to find any java API to implement the same. Can any one have any suggestion or tips for this issue. Any implementation example is welcome. Thanks a lot in advance.

preguntado el 28 de agosto de 12 a las 14:08

May be I am missing something here. Your current filter should be able to handle the same. With AJAX , you are simply calling the same url to get/post anyway so the same server side processing will happen. -

ya u correct. But the xmlhttpresponse needs to be interrupted for presence of any malicious code contents. and that is what I am not been able to implement. and I need help in that point. -

1 Respuestas

This code should help you. you need to have this in your doFilter()

response = (HttpServletResponse)resp;
StringWrapper responseWrapper = new StringWrapper(response);
chain.doFilter(request, responseWrapper);
String modifiedResponse = cleanUpBadChars(responseWrapper.toString());
PrintWriter out = response.getWriter();
out.write(modifiedResponse);

cleanUpBadChars --> this is a utility function to clean up all the bad chars or whatever characters you do not need.

Respondido 29 ago 12, 15:08

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.