Hi Mai,
I am confused. That HTML looks like it was added on the server. Are you
using an Ajax component that is adding this to your page?
Chuck
On 2011-08-12, at 4:57 PM, Mai Nguyen wrote:
> Hello,
> I am really baffled at how someone can insert a <A target> link into the
> following WebObjects page:
> .....
> <td> &#x5b;Enter brief description of issue&#x28;s&#x29;&#x5d;
> <br/>
> <a href="javascript:void(0);" onClick="show_summary(this);
> return false;">Show Summary</a>
>
>
> <A target="[Enter brief description of
> issue(s)]"
> onClick="window.open('/cgi-bin/WebObjects/MyTestApp.woa/1/wo/TTx5ltJlAYLbrboJWoAQyw/4.0.19.13.7.11.1.5.7.7.3.1.11','[Enter
> brief description of
> issue(s)]','toolbar=no,location=no,status=no,menubar=no,resizable=yes,scrollbars=yes,width=900,height=600');
> return false"
> href="/cgi-bin/WebObjects/MyTestApp.woa/1/wo/TTx5ltJlAYLbrboJWoAQyw/4.0.19.13.7.11.1.5.7.7.3.1.11">Show
> Details</A>
> </td>
> ......
> All input fields are verified and sanitized.
>
> Could someone inject this <A> link from the above onClick="show_summary()"
> JavaScript?
>
> Many thanks for your advice,
>
> -mai
--
Chuck Hill Senior Consultant / VP Development
Practical WebObjects - for developers who want to increase their overall
knowledge of WebObjects or who are trying to solve specific problems.
http://www.global-village.net/products/practical_webobjects
Webobjects-dev mailing list