In spring MVC(3.x) to make protection against xss at the level of the whole application?

Good day!

I have an app on spring MVC. I need to add protection against CSS attacks at the level of the whole application. How do I do that all the incoming parameters from all queries are automatically escaped? The variant when each request separately, or to be escaped when output in jsp is not suitable, maybe there is a danger of forgetting any parameter.
September 19th 19 at 12:52
1 answer
September 19th 19 at 12:54
In web.xml
<context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>
this is not an option. More precisely, not working. When I put the parameters ${param}, they still remain with the script tags. Don't know why. - candida_Jaco commented on September 19th 19 at 12:57
: and what makes you think that they will not?)) - reuben.Bartolett commented on September 19th 19 at 13:00

Find more questions by tags SpringTomcatJava