Hi,
We are populating a few parameters on the page (by adding JavaScript) with the User-Agent and Referer for web analytics purposes. But the security scan came back showing a Cross-Site Scripting vulnerability, as they could insert a script in the header, which looks like:
User-Agent: (script)alert(2699803)(/script)Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64

Referer: ">
<script type='text/javascript'>
function setWAVars() {
s.eVar40='(script)alert(2699803)(/script);
}
We have a SiteMapController which populates those variables before page load with the header params, so we tried stripping illegal characters from the Referer and User-Agent before the request is sent. But the scan is still able to insert the script. From the behavior it looks like the HTTP header is not modified at all. How can we make sure that the request will not have any script tags?
The Java code looks like:
// strip <script> tags from the header value, then append it to the head injection
userAgent = contactUtils.removeScriptTag(userAgent);
injection.append(userAgent);
// the injection string is emitted inside the inline <script> block in the page head
RequestContext.getPageScopeData().put(RuntimePage.PAGESCOPE_HEAD_INJECTION, injection);
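An added example, not code from the original post or from the poster's application, illustrating the two points a reviewer would raise here: the server cannot stop a client (or a scanner) from sending arbitrary header bytes, so the request will always be able to carry script tags; and the value in the post lands inside a JavaScript string literal (s.eVar40='...'), so a payload needs no script tag at all to break out, only a single quote. The fix is output encoding for the JS-string context rather than tag stripping. The removeScriptTag function below is a stand-in modelled on the filter the post describes (its real implementation is not shown), the s.eVar40 assignment shape is taken from the post, and pwned() plus the header strings are constructed test inputs.

```javascript
// Stand-in for the post's removeScriptTag(): drops literal <script>/</script>
// tags (case-insensitive, single pass) and nothing else. This is an assumed
// implementation, not the poster's contactUtils code.
function removeScriptTag(value) {
  return value.replace(/<\/?script[^>]*>/gi, "");
}

// Vulnerable builder: interpolates the filtered header value straight into a
// single-quoted JS string literal, as the inline script in the post does.
function buildInjectionNaive(userAgent) {
  return "s.eVar40='" + removeScriptTag(userAgent) + "';";
}

// JS-string-context encoder: every UTF-16 code unit outside [A-Za-z0-9] is
// emitted as a \xHH or \uHHHH escape. The JS parser can then only ever read
// the value as string contents; quotes, backslashes, newlines and "</script>"
// never appear literally in the emitted page.
function encodeForJavaScript(value) {
  let out = "";
  for (let i = 0; i < value.length; i++) {
    const ch = value[i];
    if (/[A-Za-z0-9]/.test(ch)) {
      out += ch;
      continue;
    }
    const code = value.charCodeAt(i);
    out += code <= 0xff
      ? "\\x" + code.toString(16).padStart(2, "0")
      : "\\u" + code.toString(16).padStart(4, "0");
  }
  return out;
}

// Hardened builder: same output shape, encoded value.
function buildInjectionSafe(userAgent) {
  return "s.eVar40='" + encodeForJavaScript(userAgent) + "';";
}

// Does the emitted text contain an HTML-level script terminator? In a browser
// the HTML parser closes the <script> block at "</script" before the JS
// parser ever runs, so this alone is an XSS regardless of quoting.
function reachesHtmlParser(js) {
  return /<\/script/i.test(js);
}

// Evaluate the emitted JS outside a browser. `s` stands in for the analytics
// object; `pwned` is a constructed canary that a breakout payload can call.
function evaluateInjection(js) {
  const s = {};
  let sideEffect = false;
  const pwned = () => { sideEffect = true; };
  try {
    new Function("s", "pwned", js)(s, pwned);
  } catch (e) {
    return { value: undefined, sideEffect, error: e.message };
  }
  return { value: s.eVar40, sideEffect, error: null };
}

// Constructed header values: the post's style of payload, a quote breakout
// with no tags at all, and a nested-tag bypass of the single-pass filter.
const PAYLOADS = [
  "<script>alert(2699803)</script>Mozilla/4.0",
  "';pwned();//",
  "</scr<script>ipt><svg onload=pwned()>",
];

for (const p of PAYLOADS) {
  const naive = buildInjectionNaive(p);
  const safe = buildInjectionSafe(p);
  console.log("payload:", JSON.stringify(p));
  console.log("  naive:", naive, "| html breakout:", reachesHtmlParser(naive),
    "| js breakout:", evaluateInjection(naive).sideEffect);
  console.log("  safe: ", safe, "| html breakout:", reachesHtmlParser(safe),
    "| js breakout:", evaluateInjection(safe).sideEffect);
}
```

The same encoding is what a server-side library such as the OWASP Java Encoder's Encode.forJavaScript() performs; applying it at the point where the value is appended to the head injection, instead of removeScriptTag(), is the change the scan is asking for. An alternative that avoids inline script entirely is to HTML-encode the value into a data attribute and read it from a static script via dataset.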