[Esapi-user] Javascript security vulnerability - top.location.href
Bina Keshava
bina.keshava at gmail.com
Fri Sep 7 10:55:41 UTC 2012
Hi,
How can I prevent an XSS vulnerability with JavaScript?
The HP WebInspect tool is reporting the following to
be an issue:
function _getHash() {
    var href;
    var i;
    href = top.location.href;
    i = href.indexOf( "#" );
    return i >= 0 ? href.substr( i + 1 ) : null;
}
The error it reports is:
Source: Read ~localScope.~parent.~parent.top.location.href from __getHash
Any suggestions on how I can use the ESAPI APIs to fix this?
Thanks
Bina
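
One way to handle the fragment that the scanner flags as a tainted source, shown as an added example that is not part of the original post and is not ESAPI code: validate it against an allowlist where it is read, and encode it (or use a non-parsing DOM property) where it is written. The names readHash, SAFE_FRAGMENT, encodeForHTML, the element id and the allowlist pattern are assumptions.

```javascript
// Added example. readHash, SAFE_FRAGMENT and encodeForHTML are hypothetical names,
// and the allowlist is an assumption about which fragments the application uses.
const SAFE_FRAGMENT = /^[A-Za-z0-9_\/-]{1,64}$/;

// Source side: pull the fragment out of a URL string and reject anything
// outside the allowlist. Everything after "#" is attacker-controlled.
function readHash(href) {
  const i = href.indexOf("#");
  if (i < 0) return null;
  let raw = href.slice(i + 1);
  try {
    raw = decodeURIComponent(raw); // validate the decoded form, decoded once
  } catch (e) {
    return null; // malformed percent-encoding
  }
  return SAFE_FRAGMENT.test(raw) ? raw : null;
}

// Sink side: encode for an HTML element-content context.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;",
  '"': "&quot;", "'": "&#x27;", "/": "&#x2F;"
};
function encodeForHTML(value) {
  return String(value).replace(/[&<>"'\/]/g, (c) => HTML_ENTITIES[c]);
}

// Browser-only usage; skipped when no DOM is present.
if (typeof document !== "undefined") {
  const section = readHash(top.location.href);
  const target = document.getElementById("section-name"); // assumed element id
  if (target && section !== null) {
    target.textContent = section; // textContent does not parse HTML
  }
}
```

encodeForHTML is only needed when the value must be concatenated into markup; writing through textContent avoids HTML parsing altogether.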