forked from dschadow/Java-Web-Security
index.xhtml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:h="http://xmlns.jcp.org/jsf/html">
<h:head>
    <h:outputStylesheet library="css" value="styles.css" name="styles.css" />
    <title>Chapter 07 - XSS with JSF</title>
</h:head>
<h:body>
    <h1>Chapter 07 - XSS with JSF</h1>

    <p>The first form posts to a page processing the input in elements with default attributes. The second form posts
        to a page which is configured as secure as possible using all available attributes to escape the output.</p>

    <h2>Default Attributes</h2>

    <h:form id="standardForm">
        <h:inputText value="#{standard.input}" id="standard" styleClass="text-input" />
        <h:commandButton value="Submit" action="standard" styleClass="send-button" />
    </h:form>

    <h2>Secure Attributes</h2>

    <h:form id="maximumForm">
        <h:inputText value="#{maximum.input}" id="maximum" styleClass="text-input" />
        <h:commandButton value="Submit" action="maximum" styleClass="send-button" />
    </h:form>
</h:body>
</html>
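
An added example, not a file from this repository: a hypothetical result view showing where output escaping is decided when the submitted value is rendered back with `h:outputText`. The bean names `standard` and `maximum` and the property `input` come from the forms above; the view itself and its layout are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Hypothetical result view, constructed for illustration only. -->
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:h="http://xmlns.jcp.org/jsf/html">
<h:head>
    <title>Output escaping in JSF</title>
</h:head>
<h:body>
    <!-- Default attributes: escape is true when omitted, so HTML-sensitive
         characters in the submitted value are written as entities. -->
    <p>Default: <h:outputText value="#{standard.input}" /></p>

    <!-- Explicit attribute: same rendering as the default, but the intent is
         visible in code review and cannot be lost by assuming the default. -->
    <p>Explicit: <h:outputText value="#{maximum.input}" escape="true" /></p>

    <!-- An EL expression placed directly in Facelets template text is
         escaped as well. -->
    <p>Template text: #{maximum.input}</p>

    <!-- Unsafe counterpart: escape="false" writes the value into the
         response unmodified. Do not use it for user-controlled input. -->
    <p>Unescaped: <h:outputText value="#{standard.input}" escape="false" /></p>
</h:body>
</html>
```

When reviewing JSF views, every `escape="false"` is the attribute to search for and justify; the other three outputs rely on the framework's HTML escaping.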