
XSS Prevention

 
Greenhorn
Posts: 12
I would like to know how to prevent XSS in the following situation.

http://localhost/../shop/BSAOmnifindQueryCmd?storeId=11001&catalogId=1005=%22%3E%0D%0A%3Cscript+%3Ealert%28123%29%3C/script+%3E&ip_state=&ip_sortBy=&ip_constrain=&ip_navtype=search&pageSize=12&currentPage=0&searchCategory=searchView&langId=-1


The JSP page goes to the server side. On the server side there is a prohibited character check, so the page redirects to that page, but the URL remains the same and the script alert pops up.
Please let me know how to prevent this type of attack.

Thanks
Suja