This discussion is archived
2 Replies Latest reply: May 8, 2012 5:49 AM by user279104

People Connections - message wall vulnerable to JavaScript injection

user279104 Newbie
Hi,

I am developing a WebCenter Portal application with WebCenter 11.1.1.4.

We use the People Connections message wall taskflow and noticed that it doesn't filter user input against script injection. For example, one can enter <script>alert('something');</script> and click publish. The next time the message wall is displayed, this alert window will appear. This is an obvious security flaw; is there any way to avoid it?

As far as I know, we can only customize the visualization, not the implementation, of WebCenter taskflows?
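
Added example, not part of the original post and not WebCenter or People Connections code: a minimal message wall that stores text as submitted and shows the rendering described above next to a form that HTML-encodes every stored field at output time. MessageWall, publish, renderUnsafe, renderEncoded and encodeHtml are hypothetical names, and the sample messages are constructed.

```javascript
// Added illustration; not WebCenter or People Connections code.
// All class and function names here are hypothetical.

// Characters that can change the HTML parsing context in element content
// or in quoted attribute values.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

class MessageWall {
  constructor() {
    this.messages = []; // stored exactly as submitted
  }

  publish(author, body) {
    this.messages.push({ author, body });
  }

  // Behaviour described in the post: stored text is placed into the page as markup.
  renderUnsafe() {
    return this.messages
      .map((m) => `<li><b>${m.author}</b>: ${m.body}</li>`)
      .join("\n");
  }

  // Hardened form: every stored field is encoded when it is written to the page,
  // so the browser displays it as text instead of parsing it as markup.
  renderEncoded() {
    return this.messages
      .map((m) => `<li><b>${encodeHtml(m.author)}</b>: ${encodeHtml(m.body)}</li>`)
      .join("\n");
  }
}

// Constructed sample input; the first message is the string quoted in the post.
function demo() {
  const wall = new MessageWall();
  wall.publish("alice", "<script>alert('something');</script>");
  wall.publish("bob", "Tom & Jerry <3");
  return { unsafe: wall.renderUnsafe(), encoded: wall.renderEncoded() };
}

console.log(demo().encoded);
```

Encoding at output time, rather than stripping input, keeps ordinary messages containing `&` or `<` intact while making the stored markup inert.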
