[WEB SECURITY] How to avoid XSS into PDF Files, using java
- From: "Cruz, Edwin (GE, Corporate, consultant)" <edwin.cruz@xxxxxx>
- Subject: [WEB SECURITY] How to avoid XSS into PDF Files, using java
- Date: Fri, 18 May 2007 13:16:36 -0400
Hi folks...

I have to create a routine that verifies the content of a PDF file uploaded through an HTML form. I check the content type, but if some malicious XSS code is inserted into that PDF file, it is not detected. I'd like to know if there is a known way to avoid this problem. Should I use the Java PDF library to verify the content? I know that I could avoid the problem if I send a content disposition in the headers, but I cannot do it.

Any suggestions are welcome.

Thanks in advance…

--
Ing. Edwin Cruz
Software Engineer
Softtek GDC-Aguascalientes, GE Treasury
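
One conservative way to do the content check asked about above, as an added example that is not part of the original message: instead of trusting the declared content type, require the `%PDF-` signature at offset 0 and reject any upload whose object dictionaries name script or auto-run actions. The class and method names and the list of flagged names are assumptions made for this illustration. The scan reads only uncompressed dictionaries, so objects packed in compressed object streams or encrypted files need a PDF parsing library.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

public class PdfUploadCheck {
    // PDF name tokens that introduce scripts or automatically triggered actions (assumed list).
    private static final String[] ACTIVE_NAMES = {"/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch"};
    // Decode #xx escapes so an obfuscated name such as /J#61vaScript still matches.
    static String decodeNameEscapes(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '#' && i + 2 < s.length()
                    && Character.digit(s.charAt(i + 1), 16) >= 0
                    && Character.digit(s.charAt(i + 2), 16) >= 0) {
                out.append((char) Integer.parseInt(s.substring(i + 1, i + 3), 16));
                i += 2;
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }
    // Returns the reasons to reject the upload; an empty list means nothing was flagged.
    static List<String> findings(byte[] data) {
        List<String> hits = new ArrayList<>();
        // ISO-8859-1 maps every byte to one char, so binary stream data is preserved.
        String text = decodeNameEscapes(new String(data, StandardCharsets.ISO_8859_1));
        if (!text.startsWith("%PDF-")) hits.add("missing %PDF- header");
        for (String name : ACTIVE_NAMES) {
            for (int at = text.indexOf(name); at >= 0; at = text.indexOf(name, at + 1)) {
                int end = at + name.length();
                // A name token ends at a delimiter, so /JSON or /AAPL is not a match.
                if (end == text.length() || !Character.isLetterOrDigit(text.charAt(end))) {
                    hits.add(name);
                    break;
                }
            }
        }
        return hits;
    }
    public static void main(String[] args) {
        // Constructed samples, not real documents.
        String clean = "%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n";
        String scripted = "%PDF-1.4\n1 0 obj\n<< /OpenAction << /S /J#61vaScript "
                + "/JS (app.alert(1)) >> >>\nendobj\n";
        System.out.println(findings(clean.getBytes(StandardCharsets.ISO_8859_1)));
        System.out.println(findings(scripted.getBytes(StandardCharsets.ISO_8859_1)));
    }
}
```

Because short names such as `/AA` can also occur by chance inside binary stream data, a hit is best treated as a reason to reject or quarantine the file rather than as proof of malicious content.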