Posted to commits@oodt.apache.org by "Andrew Hart (Created) (JIRA)" <ji...@apache.org> on 2011/12/13 00:31:30 UTC
[jira] [Created] (OODT-364) prevent XSS attacks via malformed query string
prevent XSS attacks via malformed query string
----------------------------------------------
Key: OODT-364
URL: https://issues.apache.org/jira/browse/OODT-364
Project: OODT
Issue Type: Improvement
Components: balance
Affects Versions: 0.3
Reporter: Andrew Hart
Assignee: Andrew Hart
Fix For: 0.4
At the moment the URL is stored 'as is' in the ApplicationRequest object. If shown later in a view (e.g. on a 404 page), it represents an XSS hole. To protect against this, the url should be sanitized through a call to htmlentities() prior to storage.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
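The storage-time escaping the ticket proposes, as an added example that is not OODT Balance code: the class and function names are hypothetical stand-ins for ApplicationRequest and a 404 view, only the htmlentities() call mirrors the described fix, and PHP 7.4 or later is assumed.

```php
<?php
// Added example, not OODT Balance code. EscapedRequest is a hypothetical
// stand-in for ApplicationRequest; only the htmlentities() call mirrors the
// ticket's fix. Requires PHP 7.4+ (typed properties).

final class EscapedRequest
{
    private string $url;

    public function __construct(string $rawUrl)
    {
        // ENT_QUOTES escapes ' and " as well as < > &, so the stored value is
        // inert inside attribute values too; ENT_SUBSTITUTE swaps invalid UTF-8
        // for U+FFFD instead of making htmlentities() return an empty string.
        $this->url = htmlentities($rawUrl, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    public function url(): string
    {
        return $this->url;
    }
}

// The pattern the ticket describes: the raw URL is echoed straight into a view.
function vulnerableNotFoundPage(string $rawUrl): string
{
    return '<p>No resource at ' . $rawUrl . '</p>';
}

// Hardened pattern: the view only ever sees the escaped value.
function safeNotFoundPage(EscapedRequest $request): string
{
    return '<p>No resource at ' . $request->url() . '</p>';
}

// True when the rendered HTML still carries the raw tag or raw quote from the URL.
function leaksRawMarkup(string $html): bool
{
    return strpos($html, '<script>') !== false || strpos($html, '"') !== false;
}

// Constructed request URI with markup in its query string (sample input).
$constructed = '/products?q=<script>alert(1)</script>&sort="desc"';
if (!leaksRawMarkup(vulnerableNotFoundPage($constructed))) {
    throw new RuntimeException('expected the raw view to leak markup');
}
if (leaksRawMarkup(safeNotFoundPage(new EscapedRequest($constructed)))) {
    throw new RuntimeException('escaped view still contains raw markup');
}
echo safeNotFoundPage(new EscapedRequest($constructed)), PHP_EOL;
```

Because the value is encoded at storage time, views must not escape it a second time (double encoding renders visible `&amp;lt;` text), and the stored string is HTML-specific: `&` has become `&amp;`, so it is no longer usable as a URL for redirects or logging without decoding.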
[jira] [Resolved] (OODT-364) prevent XSS attacks via malformed query string
Posted by "Andrew Hart (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OODT-364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Hart resolved OODT-364.
------------------------------
Resolution: Fixed
fixed in r1213500
> prevent XSS attacks via malformed query string
> ----------------------------------------------
>
> Key: OODT-364
> URL: https://issues.apache.org/jira/browse/OODT-364
> Project: OODT
> Issue Type: Improvement
> Components: balance
> Affects Versions: 0.3
> Reporter: Andrew Hart
> Assignee: Andrew Hart
> Labels: xss
> Fix For: 0.4
>
>
> At the moment the URL is stored 'as is' in the ApplicationRequest object. If shown later in a view (e.g. on a 404 page), it represents an XSS hole. To protect against this, the url should be sanitized through a call to htmlentities() prior to storage.