Hello,
I am really baffled at how someone can insert a <A target> link into the
following WebObjects page:
.....
<td> &#x5b;Enter brief description of issue&#x28;s&#x29;&#x5d;
<br/>
<a href="javascript:void(0);" onClick="show_summary(this);
return false;">Show Summary</a>
<A target="[Enter brief description of
issue(s)]"
onClick="window.open('/cgi-bin/WebObjects/MyTestApp.woa/1/wo/TTx5ltJlAYLbrboJWoAQyw/4.0.19.13.7.11.1.5.7.7.3.1.11','[Enter
brief description of
issue(s)]','toolbar=no,location=no,status=no,menubar=no,resizable=yes,scrollbars=yes,width=900,height=600');
return false"
href="/cgi-bin/WebObjects/MyTestApp.woa/1/wo/TTx5ltJlAYLbrboJWoAQyw/4.0.19.13.7.11.1.5.7.7.3.1.11">Show
Details</A>
</td>
......
All input fields are verified and sanitized.
Could someone inject this <A> link from the above onClick="show_summary()"
JavaScript?
Many thanks for your advice,
-mai