HP Fortify问题,可能存在XSS漏洞?
[英]HP Fortify issue, possible XSS vulerability?
问题描述
I am trying to understand what risk Fortify is seeing here. 
我试图了解Fortify在这里面临的风险。 I am new to XSS work and I want to be sure before I decide this isn't a real issue. 我是XSS工作的新手,在确定这不是一个真正的问题之前,我想确定一下。 I can't see how a person could use this code for anything but messing up their own computer, so I am curious if I am missing something. 除了弄乱自己的计算机之外,我看不到任何人可以使用此代码,因此我很好奇是否遗漏了一些东西。
Here is the source text Fortify says that the line where window.location.href is being assigned is the vulnerability. 这是源文件Fortify所说的,分配window.location.href的行是漏洞。 "Unvalidated" data sent to browser. “未经验证”的数据发送到浏览器。
<c:if test="${isExternalUser}">
<script type="text/javascript">
$(function(){
$('#logoutLink').on('click', function(){
var logoutUrl = window.appSettings.context + '/external/logout/';
$.get(logoutUrl).done(function(){
window.location.href = window.location.protocol + "//" + window.location.host + window.appSettings.context + "/?${ssw:encodeJS(header['policy-signout'])}";
});
});
});
</script>
</c:if>
As far as I can tell there is no risk here. 据我所知,这里没有风险。
1 个解决方案
解决方案1
1 已采纳 2014-02-07 10:19:13
I can't see any risk. 我看不到任何风险。
The only unvalidated data external to the browser is 浏览器外部唯一未经验证的数据是
${ssw:encodeJS(header['policy-signout'])}
which is correctly being JS encoded. 这是正确的JS编码。 Maybe Fortify isn't picking up on this fact. 也许Fortify没有意识到这一事实。
You could try splitting that line (as a test) just to make sure it is the encodejs that is not being recognised as executing JS encoding. 您可以尝试拆分该行(作为测试),以确保不会被识别为正在执行JS编码的encodejs 。
var policySignout = "${ssw:encodeJS(header['policy-signout'])}";
window.location.href = window.location.protocol + "//" + window.location.host + window.appSettings.context + "/?" + policySignout;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.