diff --git a/jspblog/pom.xml b/jspblog/pom.xml
index bfa83e34..8aa5788c 100644
--- a/jspblog/pom.xml
+++ b/jspblog/pom.xml
@@ -60,6 +60,12 @@
jstl
1.2
+
+
+ com.navercorp.lucy
+ lucy-xss-servlet
+ 2.0.0
+
diff --git a/jspblog/src/main/java/com/example/jspblog/domain/board/Board.java b/jspblog/src/main/java/com/example/jspblog/domain/board/Board.java
index 49f0e1d3..4d00cca2 100644
--- a/jspblog/src/main/java/com/example/jspblog/domain/board/Board.java
+++ b/jspblog/src/main/java/com/example/jspblog/domain/board/Board.java
@@ -20,7 +20,7 @@ public class Board {
private int readCount;
private Timestamp createDate;
- public String getTitle() {
- return title.replaceAll("<", "<").replaceAll(">", ">");
- }
+// public String getTitle() {
+// return title.replaceAll("<", "<").replaceAll(">", ">");
+// }
}
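Review bot: The old `getTitle()` is left behind as three commented-out lines at the end of `Board`; delete them instead, since version control already keeps the history. With the getter gone, nothing in this class encodes the title, so titles stored before the request filter was installed, or written by a path that bypasses it, would reach the view as raw text. Confirm that every JSP printing the title encodes it on output, for example `<c:out value="${board.title}"/>` (JSTL is already a dependency in pom.xml). Also check that values the filter has already escaped are not escaped a second time. The `Board` class begins outside this hunk.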
diff --git a/jspblog/src/main/resources/lucy-xss-sax.xml b/jspblog/src/main/resources/lucy-xss-sax.xml
new file mode 100644
index 00000000..b73c9be8
--- /dev/null
+++ b/jspblog/src/main/resources/lucy-xss-sax.xml
@@ -0,0 +1,149 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/jspblog/src/main/resources/lucy-xss-servlet-filter-rule.xml b/jspblog/src/main/resources/lucy-xss-servlet-filter-rule.xml
new file mode 100644
index 00000000..b7cb7854
--- /dev/null
+++ b/jspblog/src/main/resources/lucy-xss-servlet-filter-rule.xml
@@ -0,0 +1,74 @@
+
+
+
+
+
+ xssPreventerDefender
+ com.navercorp.lucy.security.xss.servletfilter.defender.XssPreventerDefender
+
+
+
+
+ xssSaxFilterDefender
+ com.navercorp.lucy.security.xss.servletfilter.defender.XssSaxFilterDefender
+
+ lucy-xss-sax.xml
+ false
+
+
+
+
+
+ xssFilterDefender
+ com.navercorp.lucy.security.xss.servletfilter.defender.XssFilterDefender
+
+ lucy-xss.xml
+ false
+
+
+
+
+
+
+ xssPreventerDefender
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ /disableUrl1.do
+
+
+
+
+ /url1.do
+
+
+
+
+
+
+
+
+ /url2.do
+
+
+
+ xssSaxFilterDefender
+
+
+
+
+
\ No newline at end of file
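Review bot: This rule file still carries what look like template entries: the URL rules for `/disableUrl1.do`, `/url1.do` and `/url2.do` do not correspond to anything visible in this application. The `xssFilterDefender` definition also points at `lucy-xss.xml`, which this commit does not add (only `lucy-xss-sax.xml` is new). A URL rule that switches filtering off is an exemption from the global `xssPreventerDefender` default, so leftover ones should not sit in the config unexplained; the element markup is not visible here, so which of these paths are exemptions needs checking in the file. Remove the placeholder URL rules and the unused defender, or add the missing `lucy-xss.xml` and a one-line comment per rule saying why that path is treated differently.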
diff --git a/jspblog/src/main/webapp/WEB-INF/web.xml b/jspblog/src/main/webapp/WEB-INF/web.xml
index 7697c346..1ec92c18 100644
--- a/jspblog/src/main/webapp/WEB-INF/web.xml
+++ b/jspblog/src/main/webapp/WEB-INF/web.xml
@@ -20,6 +20,10 @@
forbiddenUrlConfig
com.example.jspblog.config.ForbiddenUrlConfig
+
+ xssEscapeServletFilter
+ com.navercorp.lucy.security.xss.servletfilter.XssEscapeServletFilter
+
charConfig
@@ -30,4 +34,9 @@
forbiddenUrlConfig
*.jsp
+
+
+ xssEscapeServletFilter
+ /*
+
\ No newline at end of file
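Review bot: Mapping `xssEscapeServletFilter` to `/*` covers every request, but as far as I know this filter only escapes values read through the request-parameter getters, so payloads read directly from the request body (JSON, multipart uploads) would pass through untouched. Any endpoint that reads its input that way needs its own validation, and the views still have to encode on output. I would record that scope next to the mapping, e.g. `<!-- escapes request parameters only; request bodies and stored data are not covered -->`. Filter order follows the order of the mapping elements, so if `charConfig` sets the request character encoding, check that its mapping (outside this hunk) comes before this one.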