0 Replies Latest reply: Nov 15, 2012 5:13 PM by 966934 RSS

    Getting/Updating URLArguments from Dynamo request Object

    966934
      Hello

      I'm having some problems with XSS code sent over a url. I have implemented a sanitization component but when ever malicious code is sent along with the URL like in this one:

      "+includes/account/emailsignup.jsp;>"><script>alert(123)</script><";+"


      That kind of script is sent to a property on the request object that I dont know of to access.

      The DynamoHttpServletRequest saves it on one if its properties named "mAttributeFactories". This property has a map with several values and the one that I'm trying to get is saved in the map like this:
      KEY: atg.servlet.pipeline.URLArguments
      VALUE: Is and object of type URLArgumentAttributeFactory and on one of its properties named mURLArgs it saves the maliciuos code:;%3E%22%3E%3Cscript%3Ealert(123)%3C/script%3E%3C%22

      So in order to sanitize it and strip the dangerous words I need to retrive that property. Anybody knows how can that be done?

      Appreciate a lot your help!