Topic
  • 2 replies
  • Latest Post - ‏2012-12-07T17:07:36Z by SystemAdmin
SystemAdmin
SystemAdmin
37421 Posts

Pinned topic How to handle Cross site scripting (XSS) in WebSphere Application Server 7

‏2012-12-07T10:18:21Z |
Hello Everyone,

My application is hosted in WAS Fix-pack Lvl 7.0.0.25 in AIX platform, we are currently running some scans and its been found that we have Cross-site scripting issue with the application. I would like to know if this can be handled at the WebSphere Application Server level. I know there is a way to enable Cross site scripting protection in WebSphere Commerce Server, however couldn't find this option in WAS. Anyone know if this can be done at the application server level, please let me know. Thank you in advance.

rgds,
Nirmal.
Updated on 2012-12-07T17:07:36Z at 2012-12-07T17:07:36Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    37421 Posts

    Re: How to handle Cross site scripting (XSS) in WebSphere Application Server 7

    ‏2012-12-07T11:31:37Z  
    > GQSW_Nirmal_Kannan wrote:
    > Hello Everyone,
    >
    > My application is hosted in WAS Fix-pack Lvl 7.0.0.25 in AIX platform, we are currently running some scans and its been found that we have Cross-site scripting issue with the application. I would like to know if this can be handled at the WebSphere Application Server level. I know there is a way to enable Cross site scripting protection in WebSphere Commerce Server, however couldn't find this option in WAS. Anyone know if this can be done at the application server level, please let me know. Thank you in advance.
    >

    I don't think you'll have much luck with that approach. Your application has to handle its own input and output with care to avoid XSS.
  • SystemAdmin
    SystemAdmin
    37421 Posts

    Re: How to handle Cross site scripting (XSS) in WebSphere Application Server 7

    ‏2012-12-07T17:07:36Z  
    > GQSW_Nirmal_Kannan wrote:
    > Hello Everyone,
    >
    > My application is hosted in WAS Fix-pack Lvl 7.0.0.25 in AIX platform, we are currently running some scans and its been found that we have Cross-site scripting issue with the application. I would like to know if this can be handled at the WebSphere Application Server level. I know there is a way to enable Cross site scripting protection in WebSphere Commerce Server, however couldn't find this option in WAS. Anyone know if this can be done at the application server level, please let me know. Thank you in advance.
    >

    I don't think you'll have much luck with that approach. Your application has to handle its own input and output with care to avoid XSS.
    Thank you Eric.

    So only way to protect application from cross site scripting is from the application itself, No option in WAS to protect it :(