WebSphere Application Server & Liberty


How to handle Cross site scripting (XSS) in WebSphere Application Server 7.0.0.25

  • 1.  How to handle Cross site scripting (XSS) in WebSphere Application Server 7.0.0.25

    Posted Fri December 07, 2012 05:33 AM
    Hello Everyone,

    My application is hosted in WAS Fixpack 7.0.0.25 on the AIX platform. We are currently running some scans, and it has been found that there is a cross-site scripting issue with the application. I would like to know if this can be handled at the WebSphere Application Server level. I know there is a way to enable cross-site scripting protection in WebSphere Commerce Server; however, I couldn't find this option in WAS. Does anyone know if this can be done at the application server level? Please let me know. Thank you in advance.

    rgds,
    Nirmal.


  • 2.  How to handle Cross site scripting (XSS) in WebSphere Application Server 7.0.0.25

    Posted Mon December 10, 2012 05:09 AM
    Hi Nirmal

      I just found this....
     
      PM03788: WEBSPHERE APPLICATION SERVER ENCODES MESSAGE FROM SENDERROR(INT, MSG) METHOD
      www-01.ibm.com/support/docview.wss?uid=s...
     
      You need to use WebContainer Custom Properties to prevent XSS
     
      com.ibm.ws.webcontainer.setUnencodedHTMLinsendError
      pic.dhe.ibm.com/infocenter/wasinfo/v7r0/...
     
      hope this helps.
     
    regards


  • 3.  How to handle Cross site scripting (XSS) in WebSphere Application Server 7.0.0.25

    Posted Mon December 10, 2012 08:07 AM
    Thank you very much Gabriel.

    This seems to be promising, let me try it out on our servers. I will keep you posted on the updates. Thank you again.

    rgds,
    Nirmal.