Project: OODT (Retired)
Issue: OODT-364

prevent XSS attacks via malformed query string


Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.3
    • Fix Version/s: 0.4
    • Component/s: balance

    Description

      At the moment the URL is stored 'as is' in the ApplicationRequest object. If shown later in a view (e.g. on a 404 page), it represents an XSS hole. To protect against this, the URL should be sanitized through a call to htmlentities() prior to storage.
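The hole and the proposed fix side by side, as an added PHP example that is not Balance or OODT project code. The `ApplicationRequest` class below is a hypothetical stand-in for the object named in the description, `render404()` is an assumed view, and the request string is a constructed attack input; in a real deployment the raw value would come from `$_SERVER['REQUEST_URI']`.

```php
<?php
// Added example for OODT-364 (not Balance/OODT code). Hypothetical stand-in
// for the ApplicationRequest object described in the issue.
final class ApplicationRequest
{
    private string $url;

    // $sanitize = false reproduces the reported behaviour (URL stored 'as is');
    // $sanitize = true applies the proposed fix (encode before storage).
    public function __construct(string $rawUrl, bool $sanitize = true)
    {
        $this->url = $sanitize ? self::sanitizeUrl($rawUrl) : $rawUrl;
    }

    public static function sanitizeUrl(string $url): string
    {
        // ENT_QUOTES also encodes single quotes, so the value is safe inside
        // attribute values as well as element content. ENT_SUBSTITUTE swaps
        // invalid UTF-8 sequences for U+FFFD instead of returning '' (the
        // default behaviour on malformed input). The charset is given
        // explicitly because the PHP 5.3 default was ISO-8859-1.
        return htmlentities($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    public function getUrl(): string
    {
        return $this->url;
    }
}

// Assumed 404 view: reflects the requested URL into the page body.
function render404(ApplicationRequest $request): string
{
    return '<p>The page ' . $request->getUrl() . ' could not be found.</p>';
}

// Constructed attack input: a query string that breaks out of the <p> text
// and injects a script element.
$malicious = '/search?q="><script>alert(document.cookie)</script>';

$unsafe = new ApplicationRequest($malicious, false); // current behaviour
$safe   = new ApplicationRequest($malicious);        // with the fix

echo render404($unsafe), PHP_EOL; // <script> reaches the browser verbatim
echo render404($safe), PHP_EOL;   // &lt;script&gt;... is displayed as text
```

One caveat when applying the fix as described: encoding at storage time means every later consumer of `getUrl()` receives HTML-entity text. That is what a view wants, but anything that uses the stored URL as a URL again (a redirect, a log line, a router match) will see `&quot;` and `&amp;` where the client sent `"` and `&`. If the object is used for both, keep the raw value alongside the encoded one, or encode at the point of output with the same `htmlentities()` flags so the value is never double-encoded.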


People

    Assignee: Andrew Hart (ahart)
    Reporter: Andrew Hart (ahart)
