
XSS attack in SAP portal PDK object

Hi all,

I have created a portal PDK project and configured it for anonymous access. The project accepts the question id through the query string as below:

http://myportal.com/irj/portal/anonymous/questions?questionid=2;

but due to this there is a possibility for some XSS attacks for example

http://myportal.com/irj/portal/anonymous/questions?questionid=18c78b0'-alert('XSS_INJECTION')-'e3a1f

This gives me a pop-up XSS_INJECTION, even though I sanitized the questionid in Java code. The JavaScript function alert is executed first, and only then does the URL hit the particular servlet/PDK object.

How can I solve the above issue and remove XSS attacks? Can that be handled from code?

Please do the needful.

Regards

Prasad
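An added illustration of the two code-level controls that apply to a parameter like questionid; this is not SAP PDK code and the class and method names (QuestionIdGuard, parseQuestionId, encodeForHtml, encodeForJsString) are hypothetical. The payload quoted in the post has the shape `'-alert(...)-'`, which is what closes out a single-quoted JavaScript string literal, so the parameter is evidently being written into inline script somewhere as a raw string. Two points follow for the defender: a numeric identifier should be rejected outright unless it is purely digits, as early in request handling as possible, and any value that does get written into a page must be encoded for the exact context it lands in (HTML text versus a quoted JavaScript string), since sanitizing on input inside the servlet does nothing for a reflection performed by a layer in front of it, which the post's description (alert fires before the servlet is reached) suggests is the case here.

```java
import java.util.Optional;
import java.util.regex.Pattern;

/**
 * Hypothetical helper (added example, not SAP code).
 *  1. Strict input validation: questionid is a numeric identifier, so anything
 *     that is not a short run of digits is rejected before further processing.
 *  2. Context-aware output encoding for values that must be echoed into a page.
 */
public final class QuestionIdGuard {

    // A question id is at most nine digits; anything else is not an id at all.
    private static final Pattern DIGITS = Pattern.compile("[0-9]{1,9}");

    /** Returns the id only if the raw parameter is purely numeric. */
    public static Optional<Integer> parseQuestionId(String raw) {
        if (raw == null) {
            return Optional.empty();
        }
        String trimmed = raw.trim();
        if (!DIGITS.matcher(trimmed).matches()) {
            return Optional.empty();
        }
        return Optional.of(Integer.parseInt(trimmed));
    }

    /** Encodes a value for insertion as HTML text or inside a quoted HTML attribute. */
    public static String encodeForHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                case '/':  out.append("&#x2F;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Encodes a value for insertion inside a single- or double-quoted JavaScript
     * string literal. Every non-alphanumeric ASCII character becomes a \xHH escape,
     * so a quote in the value can never terminate the literal; non-ASCII characters
     * become \uHHHH escapes.
     */
    public static String encodeForJsString(String s) {
        StringBuilder out = new StringBuilder(s.length() * 4);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            boolean plainAscii = (c >= '0' && c <= '9')
                    || (c >= 'A' && c <= 'Z')
                    || (c >= 'a' && c <= 'z');
            if (plainAscii) {
                out.append(c);
            } else if (c < 0x80) {
                out.append(String.format("\\x%02X", (int) c));
            } else {
                out.append(String.format("\\u%04X", (int) c));
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String good = "2";
        // The exact parameter value quoted in the post above.
        String payload = "18c78b0'-alert('XSS_INJECTION')-'e3a1f";

        System.out.println("valid id:   " + parseQuestionId(good));
        System.out.println("payload id: " + parseQuestionId(payload));

        // If the raw value ever had to be echoed into a script block, the quotes
        // inside it are neutralised so the literal cannot be broken out of.
        System.out.println("var id = '" + encodeForJsString(payload) + "';");
        // And the same value written as HTML text.
        System.out.println("<span>" + encodeForHtml(payload) + "</span>");
    }
}
```

The validation step is the one that actually answers the question for this parameter: once questionid is accepted only as a bounded integer, there is nothing left to encode. The encoders are there for the general case of a free-text parameter, and the rule they embody is that the encoding must be chosen by the output context, applied at the point of writing, not at the point of reading the request.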
