Hi, I have been asked to add some validation to our Roller installation because it is vulnerable to XSS (Cross Site Scripting) attacks.
The first place that I am looking is in the search on our home page weblog. When you perform a search you can see that the search string is appended to the URL, like this:

http://***/roller/frontpageblog/search?=text+to+search+for

Therefore it is also possible to create a search string that contains some script like this:

http://***/roller/frontpageblog/search?q=<script>alert("XSS")<%2Fscript>

The above URL causes a pop-up to be displayed.

On the search results page, I have seen that I can validate the search text by capturing the variable '$model.term' within weblog.vm on the server (roller\WEB-INF\velocity\weblog.vm). For example, within the macro showWeblogSearchAgainForm, I can take $model.term and use $utils.replace to strip out any possible script. However, this has no effect on the search string appended to the URL, and so the pop-up is still being displayed.

Question: Could somebody please point me towards how I can monitor the search URLs within Roller so that I can strip out any script?

Thank you

--
View this message in context: http://www.nabble.com/Please-tell-me-how-to-validate-the-search-string-that-appears-in-the-URL-tp18709716s12275p18709716.html
Sent from the Roller - Dev mailing list archive at Nabble.com.
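As an added illustration (not code from the poster or from Roller itself), the following Java class shows the usual defence for a reflected search term: rather than stripping script from the input, encode the term for each context it is rendered into (HTML text, an attribute value, and a URL query component). The class name, the renderSearchAgain method and the base path are assumptions for the example; it needs Java 10 or later for the Charset overload of URLEncoder.encode.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

/** Context-aware encoding of a reflected search term (illustrative example, not Roller's own code). */
public class SearchTermEncoding {

    /** Escape for HTML text and double-quoted attribute contexts. */
    public static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Percent-encode for a query-string value, e.g. when rebuilding the search URL. */
    public static String encodeQueryValue(String s) {
        return URLEncoder.encode(s == null ? "" : s, StandardCharsets.UTF_8);
    }

    /** Render a "search again" fragment with the term encoded for each context it lands in. */
    public static String renderSearchAgain(String basePath, String term) {
        String html = escapeHtml(term);          // HTML text and attribute contexts
        String query = encodeQueryValue(term);   // URL query context
        return "<p>Results for: " + html + "</p>\n"
             + "<form action=\"" + escapeHtml(basePath) + "\" method=\"get\">\n"
             + "  <input type=\"text\" name=\"q\" value=\"" + html + "\">\n"
             + "</form>\n"
             // The query value is URL-encoded first, then the whole href is HTML-escaped.
             + "<a href=\"" + escapeHtml(basePath + "?q=" + query) + "\">Permalink</a>\n";
    }

    public static void main(String[] args) {
        // Constructed sample input: the payload from the question, as received in the q parameter.
        String term = "<script>alert(\"XSS\")</script>";
        System.out.println(renderSearchAgain("/roller/frontpageblog/search", term));
        // The output contains &lt;script&gt;... and %3Cscript%3E..., never a live <script> tag.
    }
}
```

The same approach applies inside weblog.vm: pass $model.term through an HTML-escaping helper at every point it is echoed, and URL-encode it wherever it is placed back into a link.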
