Redback / REDBACK-275

Implement an interceptor that checks requests for possible XSS attacks

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.2.6
    • Fix Version/s: 1.2.7
    • Component/s: web integration
    • Labels: None
    • Number of attachments: 0

      Activity

      Maria Odea Ching added a comment -

      Fixed in -r958:

      • added an interceptor that checks requests for possible XSS attacks by checking request parameters for the presence of the <script> tag. If found, the user will be
        alerted that a possible XSS attack has been detected.
      • added unit tests
      • configured interceptor in struts2 example webapp
      mark john magallanes added a comment -

      Hi, I proposed to modify the interceptor to check for a pattern using regular expressions, because currently it only checks for the presence of the <script> tag. It should also cover the standard HTML events. Will upload my patch within 24hr.
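
The difference between the two checks discussed in the comments above, as an added example: this is not Redback's interceptor code, the class and method names are hypothetical, and the original check is assumed to be a literal `<script>` substring match.

```java
import java.util.*;
import java.util.regex.Pattern;

// Added illustration, not Redback's interceptor; all names here are hypothetical.
public class XssParameterCheck {

    // Assumed model of the original check: literal "<script>" substring.
    static boolean literalCheck(String value) {
        return value.toLowerCase(Locale.ROOT).contains("<script>");
    }

    // Regex check: a <script opening tag (attributes and whitespace allowed)
    // or an on* event-handler attribute assignment such as onerror= / onload=.
    private static final Pattern SUSPICIOUS = Pattern.compile(
            "<\\s*script\\b|\\bon[a-z]+\\s*=", Pattern.CASE_INSENSITIVE);

    static boolean regexCheck(String value) {
        return SUSPICIOUS.matcher(value).find();
    }

    // Returns the names of parameters with at least one flagged value.
    // The map shape matches the servlet API's getParameterMap().
    static List<String> flagged(Map<String, String[]> params) {
        List<String> names = new ArrayList<>();
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            for (String v : e.getValue()) {
                if (v != null && regexCheck(v)) {
                    names.add(e.getKey());
                    break;
                }
            }
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed sample request parameters.
        Map<String, String[]> params = new LinkedHashMap<>();
        params.put("username", new String[] {"alice"});
        params.put("fullName", new String[] {"<script>alert(1)</script>"});
        params.put("email", new String[] {"<img src=x onerror=alert(1)>"});
        params.put("comment", new String[] {"<SCRIPT src=//example.invalid/a.js>"});
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            String v = e.getValue()[0];
            System.out.println(e.getKey() + " literal=" + literalCheck(v) + " regex=" + regexCheck(v));
        }
        System.out.println("flagged: " + flagged(params));
    }
}
```

A pattern this broad also flags benign values such as `online=true` and does not see encoded variants, so it works as a request-side tripwire alongside output encoding rather than in place of it.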


        People

        • Assignee: Maria Odea Ching
        • Reporter: Maria Odea Ching
        • Votes: 0
        • Watchers: 0
