Posted By

stoyan on 08/07/09


Tagged

javascript java JSP xss proxy


Versions (?)

Who likes this?

1 person have marked this snippet as a favorite

kubaitis


JSP proxy for JavaScript applications


 / Published in: Java
 

*save as proxy.jsp and put it in your servlet container *consider using other methods to circumvent XSS: JSONP, dojox.io.xhrWindowNamePlugin, etc.

  1. <%@page session="false"%>
  2. <%@page import="java.net.*,java.io.*" %>
  3. <%
  4. try {
  5. String reqUrl = request.getQueryString();
  6.  
  7. URL url = new URL(reqUrl);
  8. HttpURLConnection con = (HttpURLConnection)url.openConnection();
  9. con.setDoOutput(true);
  10. con.setRequestMethod(request.getMethod());
  11. int clength = request.getContentLength();
  12. if(clength > 0) {
  13. con.setDoInput(true);
  14. byte[] idata = new byte[clength];
  15. request.getInputStream().read(idata, 0, clength);
  16. con.getOutputStream().write(idata, 0, clength);
  17. }
  18. response.setContentType(con.getContentType());
  19.  
  20. BufferedReader rd = new BufferedReader(new InputStreamReader(con.getInputStream()));
  21. String line;
  22. while ((line = rd.readLine()) != null) {
  23. out.println(line);
  24. }
  25. rd.close();
  26.  
  27. } catch(Exception e) {
  28. response.setStatus(500);
  29. }
  30. %>

Report this snippet  

You need to login to post a comment.