Skip to content

Tag: tapestry

Preventing XSS Vulnerabilities in Web Frameworks

Cross Site Scripting (XSS) vulnerabilities are among the top risks to web application security. However many web application developers have only a vague idea of what XSS is, let alone how to test for it or protect against it. Many web application frameworks such as Struts or Tapestry have some controls for preventing XSS attacks. Yet I’ve seen developers disable framework protections resulting in vulnerable applications. Usually this is simply due to ignorance or lack of attention. A basic awareness of what web frameworks do to prevent XSS vulnerabilities is required to stop developers making dumb, though potentially serious mistakes.

Tapestry Quickstart

As preparation for a recent interview, I decided to attempt to download, install and run an example Tapestry web application. I set aside a couple of hours to get this going. I expected to have to download an installation bundle, extract it, run an installer, install some dependencies, install and configure a webserver, start some services, write some code, debug, swear a bit then give up and just read an online tutorial.

As it happens, all you need is Maven 2. Running two goals with no particular config will download Tapestry and all dependencies, build and deploy a sample webapp and then run it in a webserver (which it will install too!).