Implement an interceptor that checks requests for possible XSS attacks

Details

Type: Improvement
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.2.6
Fix Version/s: 1.2.7
Component/s: web integration
Labels:
None

Number of attachments :
0

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Maria Odea Ching added a comment - 11/Mar/11 2:54 AM

Fixed in -r958:

added interceptor that checks requests for possible XSS attack by checking request parameters for the presence of <script> tag. if found, user will be
alerted that a possible xss attack has been detected.
added unit tests
configured interceptor in struts2 example webapp

Show

Maria Odea Ching added a comment - 11/Mar/11 2:54 AM Fixed in -r958 : added interceptor that checks requests for possible XSS attack by checking request parameters for the presence of <script> tag. if found, user will be alerted that a possible xss attack has been detected. added unit tests configured interceptor in struts2 example webapp

Hide

Permalink

mark john magallanes added a comment - 05/Apr/11 7:46 PM

hi i proposed to modify the interceptor to check for a pattern using regular expressions cause currently it only checks for the presence of the <script> tag it should also cover the standard HTML events will upload my patch with-in 24hr

Show

mark john magallanes added a comment - 05/Apr/11 7:46 PM hi i proposed to modify the interceptor to check for a pattern using regular expressions cause currently it only checks for the presence of the <script> tag it should also cover the standard HTML events will upload my patch with-in 24hr

People

Assignee:

Maria Odea Ching

Reporter:

Maria Odea Ching

Vote (0)

Watch (0)

Dates

Created:

11/Mar/11 1:19 AM

Updated:

05/Apr/11 7:46 PM

Resolved:

11/Mar/11 2:54 AM