We currently did the static security code scan using Veracode. Veracode reported the following two very high priority issues with the GWT-generated <module>.nocache.js.

*CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)* (http://cwe.mitre.org/data/definitions/80.html)

Code:

    function f(a){if(a.match(/^\w+:\/\//)){}else{var b=m.createElement(ab);b.src=a+bb;a=e(b.src)}return a}

*CWE-601: URL Redirection to Untrusted Site ('Open Redirect')* (http://cwe.mitre.org/data/definitions/601.html)

Code:

    var I;function J(){if(!I){I=true;var a=m.createElement(xb);a.src=yb;a.id=Q;a.style.cssText=zb;a.tabIndex=-1;m.body.appendChild(a);n&&n({moduleName:Q,sessionId:o,subSystem:R,evtGroup:X,millis:(new Date).getTime(),type:Ab});a.contentWindow.location.replace(s+L)}}

We need help to mitigate the above issues, or any GWT resource which could help us with a good explanation.

Thanks for your help!!
