I am working on fixing the XSS vulnerability.
The text sent from server to client is in JSON format, and I use Google's JSON library to convert objects to a JSON string.
Google's JSON library will escape HTML characters like '<' or '>' into Unicode escapes if the text fields of the objects contain HTML characters, and that is what I want in order to fix the XSS vulnerability, but SmartClient converts these Unicode escapes back into HTML characters when putting them on the web page. This can be seen in the HTML source code.
Is there any way to disable this, because the encoding is just what I need? Or is there any other way to encode these characters instead of directly putting these HTML characters into the HTML code?
I think the smartgwt version I am using is a little bit old, maybe 2.4 or lower.
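The behaviour described in the post is worth seeing in code: a JSON serializer's `\u003c` style escaping is a transport encoding, and every JSON parser (including the one a client framework uses) turns it back into a literal `<` before the value ever reaches the page, so it gives no XSS protection on its own; the HTML escaping has to happen at render time. The following is an added example, not code from the post, from Gson or from SmartClient/SmartGWT; the wire JSON is a constructed sample of what such a serializer emits, and `escapeHtml`/`renderSafely` are hypothetical helper names.

```javascript
// Added example (not from the forum post, Gson, or SmartClient):
// why JSON \uXXXX escaping does not prevent XSS, and the HTML-escaping
// step that must happen when the value is written into the page.

// Constructed sample of what a Gson-style serializer emits for a text
// field containing HTML: '<', '>' and '&' become \u003c, \u003e, \u0026.
const wireJson = '{"name":"\\u003cb\\u003ehi\\u003c/b\\u003e \\u0026 x"}';

// Any JSON parser decodes the escape sequences back to the literal
// characters; the value handed to the UI layer already contains raw '<'.
function parseField(json) {
  return JSON.parse(json).name;
}

// HTML-escape a string so it is inert when inserted as element content
// or into a quoted attribute value.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Renders the field as text, never as markup. In a browser it uses
// textContent (which never interprets markup); outside a browser it
// returns the escaped markup so the logic can be checked without a DOM.
function renderSafely(json) {
  const value = parseField(json);
  if (typeof document !== 'undefined') {
    const el = document.createElement('span');
    el.textContent = value;
    return el.outerHTML;
  }
  return '<span>' + escapeHtml(value) + '</span>';
}

console.log(parseField(wireJson));   // the raw '<b>hi</b> & x' the parser produces
console.log(renderSafely(wireJson)); // the escaped form that is safe to place in the page
```

The practical consequence for the question in the post: rather than trying to stop the client from decoding the JSON escapes (which a parser must do to be correct), escape the field for HTML at the point where it is rendered into the page, or have the server HTML-encode the field's value itself before it is serialized to JSON, so that what arrives is already `&lt;b&gt;` and survives JSON decoding unchanged.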