develooper Front page | perl.beginners | Postings from May 2007

ScanAlert XSS warnings

Mike Blezien
May 31, 2007 10:52

There is a script on our site that receives this warning from the HackSafe:

" ... The remote web application appears to be vulnerable to cross site
scripting (XSS).

General Solution:
HTML encode data before sending it to the browser.

Filtering < and > alone will not solve all cross site scripting attacks.
It is suggested you also attempt to filter out open and closing parenthesis or
convert them to their encoded equivalents.  ... "

I have gone through the script several times and thought we had it corrected.
Has anyone on the list experienced this problem and may have some suggestions on
how to correct this XSS scripting? This takes a POST from a standard type
registration form.


Thunder Rain Internet Publishing
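
The scanner's "HTML encode data before sending it to the browser" advice, applied to a form value echoed back into a page, as an added example that is not part of the original post. The field names, sample values and the `html_escape` helper are assumptions made up for illustration; only core Perl is used.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Characters to encode: the HTML metacharacters plus the parentheses
# that the scanner report mentions.
my %ENTITY = (
    '&' => '&amp;',
    '<' => '&lt;',
    '>' => '&gt;',
    '"' => '&quot;',
    "'" => '&#39;',
    '(' => '&#40;',
    ')' => '&#41;',
);

# Encode a value for use in HTML element content or a quoted attribute.
# (Hypothetical helper name, not from the original script.)
sub html_escape {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/([&<>"'()])/$ENTITY{$1}/g;
    return $value;
}

# Constructed sample of what a registration POST might contain.
my %form = (
    name  => q{Mike "<script>alert(1)</script>},
    email => q{user@example.com" onmouseover="alert(1)},
);

# Encode every field at the point of output, including the one echoed
# back into an attribute value (the attribute must stay quoted).
my $name  = html_escape($form{name});
my $email = html_escape($form{email});

print "Content-Type: text/html; charset=utf-8\n\n";
print qq{<p>Thanks for registering, $name.</p>\n};
print qq{<input type="text" name="email" value="$email">\n};
```

This encoding covers element content and quoted attribute values only; a value written into a script block or a URL needs the encoding for that context instead.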
