Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

XSS attack in sap portal pdk object

Hi all,

I have created a portal pdk project and configured it for anonymous access . The project accepts the question id through query string as below;

but due to this there is a possibility for some XSS attacks for example'-alert('XSS_INJECTION')-'e3a1f

this gives me a pop up XSS_INJECTION. even though i sanitized the questionid in java code . the Javascript function alert is executed first and the URL hits the Particular servlet/pdk object then.

How can i solve the above issue for removing XSS attacks can that can be handled from Code?

Please do the needful.



Not what you were looking for? View more on this topic or Ask a question