Hi,
 
We are using Pound on a CentOS 6 base and it works fine. A few days ago we had a security scan and now there is a problem with XSS (cross-site scripting). When the client connects on port 80 and asks for a link with bad code in it (GET /"><script>alert(document.domain)</script>.html HTTP/1.1), the pound-system replies with a 300-Code and the full request. Is it possible to filter or do a url-encoding/html-encoding before the 300-Reply gets back to the browser? Or what else can we do to resolve this issue?
 
Any suggestions are welcome
 
kind regards
 
fatcharly
 