Write a simple class that subcalsses HttpServletRequestWrapper with a getParamater() method that returns the sanitized version of the input. Then pass an instance of your HttpServletRequestWrapper to Filter.doChain instead of the response object directly.
Asaph
- 161.7k
- 25
- 201
- 203