Tag Archives: jsp

Thymeleaf and Spring Security

Thymeleaf is a popular templating engine, particularly with Spring projects. Spring Boot has chosen Thymeleaf as the view technology of choice, largely replacing the need for JSP. With old JSPs, custom tag libraries provided integration with various technologies, including Spring Security. A similar library exists to integrate Thymeleaf and Spring Security – the Thymeleaf Spring read more »

Preventing XSS Vulnerabilities in Web Frameworks

The protection offered by web frameworks is only useful if it is enabled. On several occasions I’ve seen developers explicitly disable the ‘safe’ output mechanisms provided by the framework.