presentation tier vulnerabilities (XSS) and AntiSamy Lib

 
Ranch Hand
Posts: 42
Hi,
I have been using the AntiSamy library (from OWASP) to prevent XSS in an existing web application.
Can someone advise me on how to understand the Policy file? I found that there is no documentation for this yet (it's under work, the official site says).

Here is a rule from the Policy File.



My understanding is: this rule causes the onMouseOver() event to stop executing when the response from the server contains onMouseOver, to prevent reflected XSS. However, this event works on the web page perfectly before the request goes to the server. So there is no side effect of using this library on the existing JSP or HTML files which already have onmouseOver and onmouseClick events coded.

Can someone please tell me whether my understanding is correct?
 