Message Boards
Auth token for Resource Urls - XSS issue
Updated 11 years ago by Kinshuk Gupta.
New Member Posts: 10 Join Date: 13/01/02
Hi,
I am using Liferay 6.1 GA version. For preventing XSS attacks, we are using the Liferay-provided authorization token mechanism. When the URLs are generated, we can see that the p_auth token is attached to action and render URLs but not to resource URLs. Any ideas on how to implement the same for resource URLs?
Also,
This URL has been reported vulnerable even after having a p_auth attached to it:
https://localhost:8443/web/guest/home?p_auth=Ff1w3fco"><script>alert(51632)</script>&p_p_id=58&p_p_lifecycle=1&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1&saveLastPath=0&_58_struts_action=%2Flogin%2Flogin&_58_doActionAfterLogin=false
Any reason for this would also be helpful.
Thanks
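
Added example, not part of the original post and not Liferay code: p_auth is Liferay's CSRF token, so attaching it to a URL does not encode anything the page echoes back. Assuming the report means the p_auth value is written back into an HTML attribute unescaped, this Java example contrasts that with validating and escaping the value; the class, the method names and the token pattern are hypothetical.

```java
import java.util.regex.Pattern;

public class PAuthReflection {
    // Assumed token shape, modelled on the "Ff1w3fco" prefix in the reported URL.
    private static final Pattern TOKEN = Pattern.compile("[A-Za-z0-9]{1,64}");

    // Reject anything that is not a plain token before it reaches a template.
    static boolean isWellFormedToken(String value) {
        return value != null && TOKEN.matcher(value).matches();
    }

    // Encode the characters that can close an attribute or open a tag.
    static String escapeHtmlAttr(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Before: raw concatenation lets a quote in the value end the attribute.
    static String renderUnsafe(String pAuth) {
        return "<input type=\"hidden\" name=\"p_auth\" value=\"" + pAuth + "\">";
    }

    // After: malformed tokens are dropped, and output is escaped regardless.
    static String renderSafe(String pAuth) {
        String v = isWellFormedToken(pAuth) ? pAuth : "";
        return "<input type=\"hidden\" name=\"p_auth\" value=\"" + escapeHtmlAttr(v) + "\">";
    }

    public static void main(String[] args) {
        // p_auth value taken from the URL in the post above.
        String reported = "Ff1w3fco\"><script>alert(51632)</script>";
        System.out.println("unsafe:  " + renderUnsafe(reported));
        System.out.println("safe:    " + renderSafe(reported));
        System.out.println("escaped: " + escapeHtmlAttr(reported));
        System.out.println("valid:   " + renderSafe("Ff1w3fco"));
    }
}
```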