Hello, Might be a slightly obscure topic but i've not been able to figure out whether Apache Guacamole has any built in features or protections to prevent DOM based XSS attacks.
We've had a security questionnaire come through which includes this as a topic, i've included an OWASP link below. Are you able to provide any info on whether there's something in place for this? "Some XSS vulnerabilities work exclusively on the client side, in an application's scripting code. This kind of XSS is commonly referred to as DOM-based XSS. Because server-side escaping of user input does not protect against DOM-based XSS, you need a strategy for dealing with client-side scripting code that handles user input, as well as parts of the DOM that may contain user input (such as document.location)" https://owasp.org/www-community/attacks/DOM_Based_XSS Thanks Himat -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
