Auth token for Resource Urls - XSS issue
Kinshuk Gupta, modified 11 years ago.
New Member Posts: 10 Join Date: 02/01/13
Hi,
I am using Liferay 6.1 GA version. For preventing XSS attacks, we are using the Liferay-provided authorization token mechanism. When the URLs are generated, we can see that the p_auth token is attached to action and render URLs but not to resource URLs. Any ideas on how to implement the same for resource URLs?
Also,
This URL has been reported vulnerable even after having a p_auth attached to it:
https://localhost:8443/web/guest/home?p_auth=Ff1w3fco"><script>alert(51632)</script>&p_p_id=58&p_p_lifecycle=1&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1&saveLastPath=0&_58_struts_action=%2Flogin%2Flogin&_58_doActionAfterLogin=false
Any reason for this would also be helpful.
Thanks
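
A check for the finding reported in the post above, as an added example that is not part of the original post and not Liferay code: the p_auth value arrives in the request like any other parameter, so it has to be validated and output-encoded wherever it is echoed. The token shape, the link template and the function names are assumptions made for illustration.

```python
import html
import re
from urllib.parse import parse_qs, quote, urlsplit

# URL quoted in the post above (the scanner's probe), split for readability.
REPORTED_URL = (
    'https://localhost:8443/web/guest/home'
    '?p_auth=Ff1w3fco"><script>alert(51632)</script>&p_p_id=58&p_p_lifecycle=1'
    '&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1'
    '&saveLastPath=0&_58_struts_action=%2Flogin%2Flogin&_58_doActionAfterLogin=false'
)
# Assumption: a genuine token is short and alphanumeric, like "Ff1w3fco" above.
TOKEN_SHAPE = re.compile(r"[A-Za-z0-9]{1,64}")
LINK = '<a href="/web/guest/home?p_auth={}">Sign in</a>'  # hypothetical template


def p_auth_of(url):
    """Return the decoded p_auth parameter of a URL, or None if absent."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("p_auth")
    return values[0] if values else None


def is_plausible_token(value):
    """True only when the whole value matches the assumed token shape."""
    return value is not None and TOKEN_SHAPE.fullmatch(value) is not None


def render_unsafe(token):
    """Hypothetical page code that copies the request value in as-is."""
    return LINK.format(token)


def render_encoded(token):
    """URL-encodes the value for the query string, then HTML-encodes it."""
    return LINK.format(html.escape(quote(token, safe=""), quote=True))


def handle(url):
    """Reject malformed tokens first; encode whatever is echoed regardless."""
    token = p_auth_of(url)
    if not is_plausible_token(token):
        return 400, "invalid p_auth"
    return 200, render_encoded(token)


if __name__ == "__main__":
    probe = p_auth_of(REPORTED_URL)
    print(render_unsafe(probe))   # value closes the attribute and adds markup
    print(render_encoded(probe))  # value stays inside the attribute
```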