Posted to issues@archiva.apache.org by "Marc Jansen Tan Chua (JIRA)" <ji...@codehaus.org> on 2011/04/09 07:31:22 UTC
[jira] Commented: (MRM-1468) Fix cross-site scripting vulnerability in Archiva.
[ http://jira.codehaus.org/browse/MRM-1468?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=263010#action_263010 ]
Marc Jansen Tan Chua commented on MRM-1468:
-------------------------------------------
Hi,
Implementation proposal:
I seem to have noticed the lack of field validation in most of the input forms. I will start by strengthening the field validation for those that are vulnerable to XSS exploits. Also, I will be altering some JSP output tags, since some of them use Struts2 output tags that do not escape the injected scripts. The JSP native output function c:out would escape injected scripts.
Validation messages/notifications would be in property (.properties) files.
Any thoughts on this proposal?
Comments & suggestions would be much appreciated.
> Fix cross-site scripting vulnerability in Archiva.
> --------------------------------------------------
>
> Key: MRM-1468
> URL: http://jira.codehaus.org/browse/MRM-1468
> Project: Archiva
> Issue Type: Task
> Reporter: Marc Jansen Tan Chua
>
--
This message is automatically generated by JIRA.