Hi all,
I encountered a question/problem when I was trying to fix the XSS attack issues. I followed the instructions on SonarCloud, trying to fix the problem, but the problem is still there. SonarCloud suggests we use a white list to validate the data, but in the problematic context, using a white list to validate the data is impossible. The request ID, which is a requirement proposed by the TSC a couple of releases ago to trace the HTTP requests, is generated randomly by the users from the browser side, and it is supposed to be a UUID. So I used a regular expression to validate it before I set it back to the response header. Theoretically, this could prevent such kinds of XSS attacks, but it doesn't seem to work. Do you have any idea or suggestion on this? More details could be found here.

Many thanks in advance.

Best Regards,
Guangrong

View/Reply Online (#23306): https://lists.onap.org/g/onap-discuss/message/23306
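The validate-then-echo approach the message describes, as an added Python example (not code from the original post or from ONAP): the client-supplied id is reflected only when the whole value matches the UUID form, and anything else is replaced by a server-generated UUID instead of being reflected. The header name, function names and sample inputs are assumptions constructed for this example.

```python
import re
import uuid

# Anchored, case-insensitive pattern for the RFC 4122 textual form (8-4-4-4-12 hex digits).
# fullmatch() is used below so a UUID buried inside a longer string does not pass.
UUID_RE = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}",
    re.IGNORECASE,
)

# Header name is an assumption for this example; the post does not name it.
REQUEST_ID_HEADER = "X-ONAP-RequestID"


def is_well_formed_uuid(value):
    """True only if the entire value is a UUID; None, empty, or trailing junk fails."""
    return value is not None and UUID_RE.fullmatch(value) is not None


def sanitize_request_id(client_value):
    """Return (request_id, echoed).

    The client value is reflected only when it is exactly a UUID. Anything else
    (markup, CR/LF, a UUID with extra characters around it) is discarded and a
    server-generated UUID takes its place, so no untrusted bytes reach the header.
    """
    if is_well_formed_uuid(client_value):
        return client_value.lower(), True
    return str(uuid.uuid4()), False


def response_headers_for(client_value):
    """Build the response headers that carry the request ID back to the caller."""
    request_id, _ = sanitize_request_id(client_value)
    return {REQUEST_ID_HEADER: request_id}


if __name__ == "__main__":
    # Constructed sample inputs: a valid id, one with markup, one with a UUID plus CR/LF.
    samples = [
        "123E4567-E89B-12D3-A456-426614174000",
        "not-a-uuid<script>",
        "123e4567-e89b-12d3-a456-426614174000\r\nextra",
    ]
    for s in samples:
        print(repr(s), "->", response_headers_for(s))
```

Because an invalid value is never reflected, the header only ever carries a string that matched the anchored pattern or one the server generated itself.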
