Cross Site Scripting (XSS) and SQL Injection Policy Setup


How do I handle Cross Site Scripting (XSS) and SQL Injection at the API proxy level? Are there custom policies that exist to handle these 2 vulnerabilities?


Nice answer!

@Mukundha Madhavan, Thank You!! I got the answer on how to handle SQL Injection.

I believe there is little detail about the policy for Cross Site Scripting (XSS). I see a thread for API Vulnerabilities. But it would be great to have more details for XSS from a policy perspective. Thank You for your help!!

Similar to the SQL injection -- from an API perspective, it is important to sanitize the input parameters. Look here for detecting script patterns in the policy, specifically the JavaScript injection. As mentioned in the other articles, there are several solutions to handle this at different parts of the stack.

Thanks @Mukundha Madhavan.

I see this JavaScript pattern here: <\s*script\b[^>]*>[^<]+<\s*/\s*script\s*>. But how do I use it in the <Pattern> tag of the "Regular Expression Protection" policy? Am I referring to the right policy? If I use either <\s*script\b[^>]*>[^<]+<\s*/\s*script\s*> or <\s*script\b[^>]*>[^<]+<\s*/\s*script\s*>, the Pattern tag does not accept this JavaScript pattern. Can you guide me on this?
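The escaping issue raised in the post above, as an added example that is not from this thread and not Apigee's own code: it embeds the thread's script-tag regex in a RegularExpressionProtection policy fragment (the element layout, the policy name and the "comment" query parameter are assumed), shows that the raw "<" makes the policy XML unparseable while the XML-escaped form round-trips to the same regex, and runs that regex over constructed parameter values the way the policy would.

```python
import re
import xml.etree.ElementTree as ET
from typing import Optional
from xml.sax.saxutils import escape

# Regex exactly as quoted in the thread (detects a <script>...</script> block).
XSS_PATTERN = r"<\s*script\b[^>]*>[^<]+<\s*/\s*script\s*>"

# Assumed policy skeleton: element names follow the RegularExpressionProtection
# policy type named in the thread; the policy name and parameter are made up.
POLICY_TEMPLATE = """<RegularExpressionProtection name="Detect-XSS">
  <Source>request</Source>
  <QueryParam name="comment">
    <Pattern>{pattern}</Pattern>
  </QueryParam>
</RegularExpressionProtection>"""


def build_policy(pattern: str, xml_escape: bool) -> str:
    """Embed the regex in the policy XML; optionally XML-escape &, <, > first."""
    text = escape(pattern) if xml_escape else pattern
    return POLICY_TEMPLATE.format(pattern=text)


def load_pattern(policy_xml: str) -> Optional[str]:
    """Parse the policy and return the regex carried by <Pattern>,
    or None when the document is not well-formed XML."""
    try:
        root = ET.fromstring(policy_xml)
    except ET.ParseError:
        return None
    node = root.find("./QueryParam/Pattern")
    return node.text if node is not None else None


def is_flagged(pattern: str, value: str) -> bool:
    """Mimic the policy check: any match in the parameter value raises a fault."""
    return re.search(pattern, value) is not None


# Constructed sample values for the "comment" query parameter.
SAMPLES = {
    "hello world": False,
    "<script>alert('x')</script>": True,
    # [^<]+ requires a non-empty script body, so this pattern is a narrow
    # filter; output encoding downstream is still required.
    "<script></script>": False,
}

if __name__ == "__main__":
    print("raw pattern parses as XML:", load_pattern(build_policy(XSS_PATTERN, False)))
    loaded = load_pattern(build_policy(XSS_PATTERN, True))
    print("escaped pattern round-trips:", loaded == XSS_PATTERN)
    for value, expected in SAMPLES.items():
        print(repr(value), "flagged:", is_flagged(loaded, value), "expected:", expected)
```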

Thank you for this, the fourth link appears to be broken... any chance you have the updated link?

I do understand it has been more than 2 years, just checking 🙂