[ https://issues.apache.org/jira/browse/OFBIZ-260?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12663394#action_12663394 ]
Bruno Busco commented on OFBIZ-260:
-----------------------------------

I have seen in Drupal a nice handling of what they call "input filters".
http://www.lullabot.com/articles/drupal_input_formats_and_filters
Maybe it can give some ideas...

> Cross Site Scripting Vulnerability (XSS)
> ----------------------------------------
>
> Key: OFBIZ-260
> URL: https://issues.apache.org/jira/browse/OFBIZ-260
> Project: OFBiz
> Issue Type: Bug
> Components: ecommerce
> Affects Versions: SVN trunk
> Reporter: Marco Risaliti
>
> It's a copy of http://jira.undersunconsulting.com/browse/OFBIZ-559 from
> Olivier Lietz.
> ===========================================================
> *Very* simple test:
> /ecommerce/control/keywordsearch?SEARCH_STRING=<script>alert("XSS");</script>
> Other components besides ecommerce are also affected.