
Iframe attack (XSS) in Sakai CLE

localhost:8080/portal/help/html/help.jsp?allowLink=true&emailLink='"()%26%251<iframe id="mainIframe" width="800" height="600" src="http://google.com"></iframe>

How do I prevent cross-site scripting in Sakai? I am calling req.getQueryString() in RequestFilter.java and then I am getting this URL. Please help me solve this issue.

Thanks in Advance

If you uncover a security vulnerability in Sakai software please do not voice your concerns on any public listserv, blog or other open communication channel but instead notify the Sakai Foundation immediately at security@sakaifoundation.org. Please provide a callback telephone number so that we can contact you by telephone if it is deemed necessary.

See the policy here: https://confluence.sakaiproject.org/display/SECWG/Security+Policy

If you create a login here: https://jira.sakaiproject.org/secure/Dashboard.jspa

You can report the security issue by creating an issue and setting the Security Level pulldown to "Security Issue". Thanks.
