Prevention of Cross-site scripting (XSS)


I'm wanting to prevent cross-site scripting (XSS) and am wondering how I can best approach this (on Bonita version 7.2.4).

For example, how to prevent the script below from being embedded in the response?

http://localhost:8080/bonita/portal/documentDownload?fileName=alert.jpg&contentStorageId=/<img src=test onerror=alert(1)>

Comments

Submitted by mark.burton on Thu, 01/26/2017 - 03:12
1 answer


Hi,
I think this has been solved in 7.3.0.
The error JSPs don't display the exceptions anymore.
If you cannot upgrade to a more recent version, you can modify or replace the JSP in the directory error-pages of bonita.war.

Comments

Submitted by mark.burton on Thu, 01/26/2017 - 20:16

This is a great answer Anthony, thank you.
