
XSS Prevention.

 
suja changanam
Greenhorn
Posts: 12
I would like to know how to prevent XSS in the following situation.

http://localhost/../shop/BSAOmnifindQueryCmd?
storeId=11001&catalogId=1005=%22%3E%0D%0A%3Cscript+%3Ealert%28123%29%3C/script+%3E&ip_state=&ip_sortBy=&ip_constrain=&ip_navtype=search&pageSize=12&currentPage=0&searchCategory=searchView&langId=-1


The JSP page goes to the server side. On the server side there is a prohibited-character check, so the page redirects to that page, but the URL remains the same and the script alert pops up.
Please let me know how to prevent this type of attack.

Thanks
Suja
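
The decoded catalogId value in the URL above begins with `">`, which suggests the value is echoed inside a quoted HTML attribute on the page shown after the check fails. The following is an added example, not part of the original post or the application's code, showing that value written raw and HTML-encoded. The class and method names, the `<input>` markup and the numeric format of catalogId are assumptions.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

public class ReflectedParamDemo {
    // Assumption: catalogId is a short numeric id, as in "catalogId=1005".
    static boolean isValidCatalogId(String s) {
        return s != null && s.matches("[0-9]{1,10}");
    }

    // Encode the characters that are significant in HTML text and quoted attributes.
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical markup for the page shown after the check fails.
    static String renderRaw(String v) {
        return "<input type=\"hidden\" name=\"catalogId\" value=\"" + v + "\">";
    }

    static String renderEncoded(String v) {
        return renderRaw(escapeHtml(v));
    }

    public static void main(String[] args) {
        // catalogId value copied from the URL in the post, still URL-encoded.
        String sent = "1005=%22%3E%0D%0A%3Cscript+%3Ealert%28123%29%3C/script+%3E";
        String catalogId = URLDecoder.decode(sent, StandardCharsets.UTF_8);

        System.out.println("passes check: " + isValidCatalogId(catalogId));
        // Rejecting the value is not enough if the next page echoes it unencoded.
        System.out.println("raw:     " + renderRaw(catalogId));
        // Encoded, the same value stays inside the attribute as inert text.
        System.out.println("encoded: " + renderEncoded(catalogId));
    }
}
```

In a JSP, JSTL's `<c:out>` tag and `fn:escapeXml()` function apply this encoding when the parameter is written to the page.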
 