prevent XSS attacks via malformed query string
----------------------------------------------
Key: OODT-364
URL: https://issues.apache.org/jira/browse/OODT-364
Project: OODT
Issue Type: Improvement
Components: balance
Affects Versions: 0.3
Reporter: Andrew Hart
Assignee: Andrew Hart
Fix For: 0.4

At the moment the URL is stored 'as is' in the ApplicationRequest object. If
shown later in a view (e.g., on a 404 page), it represents an XSS hole. To
protect against this, the URL should be sanitized through a call to
htmlentities() prior to storage.
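
The fix proposed in this issue, sketched as an added example that is not OODT Balance code: StoredRequest, sanitizeUri() and render404() are hypothetical stand-ins for the ApplicationRequest object and a 404 view, and the request URI is constructed sample input.

```php
<?php
// Added illustration; all class and function names here are hypothetical.

// Encode the raw request URI once, before it is stored, as the issue proposes.
function sanitizeUri(string $rawUri): string
{
    // ENT_QUOTES encodes both ' and " so the value is also safe inside a
    // quoted HTML attribute; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
    // instead of making htmlentities() return an empty string.
    return htmlentities($rawUri, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

final class StoredRequest
{
    public string $uri;

    public function __construct(string $rawUri, bool $sanitize)
    {
        $this->uri = $sanitize ? sanitizeUri($rawUri) : $rawUri;
    }
}

// A view that echoes the stored URI, like the 404 page named in the issue.
function render404(StoredRequest $request): string
{
    return '<p>The page ' . $request->uri . ' was not found.</p>';
}

// Constructed sample input: a request URI carrying markup in its query string.
$rawUri = '/missing?q="><script>alert(1)</script>';

$before = render404(new StoredRequest($rawUri, false)); // stored 'as is'
$after  = render404(new StoredRequest($rawUri, true));  // sanitized on storage

echo "stored as is: ", $before, PHP_EOL;
echo "sanitized:    ", $after, PHP_EOL;

// The sanitized page must carry the markup only in encoded form.
if (strpos($after, '<script>') !== false
    || strpos($after, '&lt;script&gt;') === false
    || strpos($after, '&quot;') === false) {
    throw new RuntimeException('stored URI was not HTML-encoded');
}
```

A value encoded at storage time is safe for HTML output only; code that needs the original URI for routing or redirects has to read the raw request, and a view that encodes the stored value again will display doubled entities.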