[OODT-364] prevent XSS attacks via malformed query string - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 0.3
Fix Version/s: 0.4
Component/s: balance
Labels:
- xss

Description

At the moment the URL is stored 'as is' in the ApplicationRequest object. If shown later in a view, (e.g.: on a 404 page) it represents an XSS hole. To protect against this, the url should be sanitized through a call to htmlentities() prior to storage

Attachments

Activity

People

Assignee:: Andrew Hart

Reporter:: Andrew Hart

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 12/Dec/11 23:29

Updated:: 21/Dec/11 20:33

Resolved:: 21/Dec/11 20:33