I want to prevent cross-site scripting (XSS) and am wondering how I can best approach this (on Bonita version 7.2.4).
For example, how can I prevent the script below from being embedded in the response?
http://localhost:8080/bonita/portal/documentDownload?fileName=alert.jpg&contentStorageId=/<img src=test onerror=alert(1)>
Hi,
I think this has been solved in 7.3.0.
The error JSPs don’t display the exceptions anymore.
If you cannot upgrade to a more recent version, you can modify or replace the JSP in the error-pages directory of bonita.war.
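The replacement described in the answer above, as an added example that is not part of the original post and is not Bonita's own code: an error JSP that logs the exception on the server and returns only a generated reference id, so nothing from the request or the exception message reaches the response. The file placement and the logger name are assumptions.

```jsp
<%-- Added example: hypothetical replacement for an error page in the
     error-pages directory of bonita.war. Names here are assumptions. --%>
<%@ page isErrorPage="true" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
<%@ page import="java.util.UUID" %>
<%@ page import="java.util.logging.Level" %>
<%@ page import="java.util.logging.Logger" %>
<%
    // Keep the exception on the server: log it under a random reference id
    // and show only that id to the client.
    String ref = UUID.randomUUID().toString();

    // "exception" is the implicit object available because isErrorPage="true".
    Throwable cause = exception;
    if (cause == null) {
        // Fallback: the standard servlet error attribute set by the container.
        cause = (Throwable) request.getAttribute("javax.servlet.error.exception");
    }
    Logger.getLogger("portal.error-pages") // hypothetical logger name
          .log(Level.SEVERE, "Unhandled portal error, ref=" + ref, cause);

    // Defence in depth: even if markup were reflected, the browser is told
    // not to load scripts, images or other resources for this page.
    response.setHeader("Content-Security-Policy", "default-src 'none'");
    response.setHeader("X-Content-Type-Options", "nosniff");
    response.setHeader("Cache-Control", "no-store");
%>
<!DOCTYPE html>
<html>
<head><meta charset="UTF-8"><title>Error</title></head>
<body>
  <h1>An error occurred</h1>
  <%-- Only the server-generated id is written to the response. No request
       parameter, URL or exception message is echoed. --%>
  <p>Reference: <%= ref %></p>
</body>
</html>
```

If an error page must display a request-derived value, HTML-encode it before writing it to the response.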
Sorry, this:
http://localhost:8080/bonita/portal/documentDownload?fileName=alert.jpg&contentStorageId=/<img src=test onerror=alert(1)>
This is a great answer Anthony, thank you.