- spring-security XSS prevent
https://www.baeldung.com/spring-prevent-xss
- [spring] XSS filter for file uploads
org.springframework.web.multipart.support.MultipartFilter must be applied
* If an error occurs when using Tomcat or JEUS,
implement and register a custom MultipartFilter
(implement it the same way as MultipartFilter)
OR
pass "multipartResolver" to MultipartFilter.setMultipartResolverBeanName
* When using Tomcat, the configuration below is required
https://m.blog.naver.com/PostView.naver?blogId=platinasnow&logNo=220262487207&proxyReferer=
- Applying XssFilter in spring-boot
https://jojoldu.tistory.com/470
- Applying lucy xssFilter
xssEscapeServletFilter must be placed after CharacterEncodingFilter
https://lovediv.tistory.com/m/32
https://yg1110.tistory.com/m/10
- Detailed explanation
https://m.blog.naver.com/yjhyjh5369/221448834459
- JSON handling (covers several topics)
https://mystria.github.io/archivers/xss-filter-on-spring-boot
- JSON handling (processed in the RequestBody)
https://lahuman.jabsiri.co.kr/155
- JSON RequestBody & handling only the desired fields
https://circlee7.medium.com/spring-boot-jackson-json-xss-%EC%B2%98%EB%A6%AC-fdc85a18e9f2
- JSON handling (processed at the response stage)
https://jojoldu.tistory.com/470
https://exhibitlove.tistory.com/m/3
- springframework HtmlUtils
htmlEscape and htmlUnescape
https://docs.spring.io/spring-framework/docs/5.0.2.RELEASE/kdoc-api/spring-framework/org.springframework.web.util/-html-utils/html-escape.html
https://docs.spring.io/spring-framework/docs/5.0.2.RELEASE/kdoc-api/spring-framework/org.springframework.web.util/-html-utils/html-unescape.html
https://github.com/HomoEfficio/dev-tips/blob/master/Spring%EC%97%90%EC%84%9C%20JSON%EC%97%90%20XSS%20%EB%B0%A9%EC%A7%80%20%EC%B2%98%EB%A6%AC%20%ED%95%98%EA%B8%B0.md
https://jojoldu.tistory.com/470