Tuesday, December 15, 2020

Input validation of number in JSP

A security scan reported an Input Validation flaw: we have to validate whether the input is a number.

Use the code below for this:


<jsp:forward page="AccessError.jsp">
	<jsp:param name="storeId" value="${WCParam.storeId}" />
	<jsp:param name="langId" value="${WCParam.langId}" />
	<jsp:param name="catalogId" value="${WCParam.catalogId}" />
</jsp:forward>


Solution used was: 

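<%-- storeId is copied only when the parameter consists entirely of digits; otherwise it stays empty --%>
<c:set var="storeId">
	<c:if test="${WCParam.storeId.matches('[0-9]+')}">
		<c:out value="${WCParam.storeId}"/>
	</c:if>
</c:set>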
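
The following is an added example, not code from the original post or from WCS: it runs the post's `[0-9]+` pattern and the `[-]?[0-9]*` pattern quoted in the comment below against constructed inputs, then parses the value with a range check. The class name, the `parseId` helper, the `STRICT` pattern and the sample values are assumptions made for illustration.

```java
import java.util.OptionalInt;
import java.util.regex.Pattern;

public class NumericParamCheck {
    // Pattern from the post's JSP fix: one or more ASCII digits.
    static final Pattern POST = Pattern.compile("[0-9]+");
    // Pattern from the wc-server.xml sample in the comment: optional minus, zero or more digits.
    static final Pattern WHITELIST = Pattern.compile("[-]?[0-9]*");
    // Assumed stricter variant (not from the page): optional minus, 1 to 10 digits.
    static final Pattern STRICT = Pattern.compile("-?[0-9]{1,10}");

    // Hypothetical helper: returns the id only when it is well formed and fits in an int.
    static OptionalInt parseId(String raw) {
        if (raw == null || !STRICT.matcher(raw).matches()) {
            return OptionalInt.empty();
        }
        try {
            return OptionalInt.of(Integer.parseInt(raw));
        } catch (NumberFormatException e) {
            // Ten digits can still exceed Integer.MAX_VALUE.
            return OptionalInt.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real request.
        String[] samples = {
            "10001", "-1", "", "-", "10001abc", "10 001", "10001\n",
            "9999999999", "\u0661\u0662\u0663" // Arabic-Indic digits
        };
        for (String s : samples) {
            String shown = "[" + s.replace("\n", "\\n") + "]";
            System.out.printf("%-14s post=%-5b whitelist=%-5b parsed=%s%n",
                    shown,
                    POST.matcher(s).matches(),      // matches() tests the whole string
                    WHITELIST.matcher(s).matches(),
                    parseId(s));
        }
    }
}
```

The empty string and a lone `-` pass the `[-]?[0-9]*` pattern, while `-1` fails `[0-9]+`, so the pattern has to be chosen to match the ids the store actually uses.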

1 comment:

  1. FYI, WCS provides an OOO option. You can achieve this using WhiteListProtection in wc-server.xml.

    Here is the sample:

    <WhiteListProtection enabled="true" name="WhiteListProtection" display="false">
        <param name="storeId" regex="[-]?[0-9]*"/>
        <param name="langId" regex="[-]?[0-9]*"/>
        <param name="catalogId" regex="[-]?[0-9]*"/>
    </WhiteListProtection>
