- CSRF, XSS and SQL Injection attack prevention in JSF (EL in Facelets template text and h:outputText are HTML-escaped by default; escape="false" turns that off. The md5() in the SQL examples only illustrates parameterisation - password storage needs a salted, slow hash such as bcrypt/scrypt/argon2.)
- <p>Welcome, #{user.name}</p>
- <h:outputText value="#{user.name}" escape="false" />
- String sql = "SELECT * FROM user WHERE username = '" + username + "' AND password = md5('" + password + "')";
- String jpql = "SELECT u FROM User u WHERE u.username = '" + username + "' AND u.password = md5('" + password + "')";
- x'; DROP TABLE user; --
- String sql = "SELECT * FROM user WHERE username = ? AND password = md5(?)";
- String jpql = "SELECT u FROM User u WHERE u.username = ?1 AND u.password = md5(?2)";
- response.write("<b>" + x + "</b>")
- response.write("<b>" + escapePlainTextToHtml(x) + "</b>")