Topic
IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
2 replies Latest Post - ‏2012-12-07T17:07:36Z by SystemAdmin
SystemAdmin
SystemAdmin
37422 Posts
ACCEPTED ANSWER

Pinned topic How to handle Cross site scripting (XSS) in WebSphere Application Server 7

‏2012-12-07T10:18:21Z |
Hello Everyone,

My application is hosted in WAS Fix-pack Lvl 7.0.0.25 in AIX platform, we are currently running some scans and its been found that we have Cross-site scripting issue with the application. I would like to know if this can be handled at the WebSphere Application Server level. I know there is a way to enable Cross site scripting protection in WebSphere Commerce Server, however couldn't find this option in WAS. Anyone know if this can be done at the application server level, please let me know. Thank you in advance.

rgds,
Nirmal.
Updated on 2012-12-07T17:07:36Z at 2012-12-07T17:07:36Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    37422 Posts
    ACCEPTED ANSWER

    Re: How to handle Cross site scripting (XSS) in WebSphere Application Server 7

    ‏2012-12-07T11:31:37Z  in response to SystemAdmin
    > GQSW_Nirmal_Kannan wrote:
    > Hello Everyone,
    >
    > My application is hosted in WAS Fix-pack Lvl 7.0.0.25 in AIX platform, we are currently running some scans and its been found that we have Cross-site scripting issue with the application. I would like to know if this can be handled at the WebSphere Application Server level. I know there is a way to enable Cross site scripting protection in WebSphere Commerce Server, however couldn't find this option in WAS. Anyone know if this can be done at the application server level, please let me know. Thank you in advance.
    >

    I don't think you'll have much luck with that approach. Your application has to handle its own input and output with care to avoid XSS.
    • SystemAdmin
      SystemAdmin
      37422 Posts
      ACCEPTED ANSWER

      Re: How to handle Cross site scripting (XSS) in WebSphere Application Server 7

      ‏2012-12-07T17:07:36Z  in response to SystemAdmin
      Thank you Eric.

      So only way to protect application from cross site scripting is from the application itself, No option in WAS to protect it :(