script injected inside value attribute of input tag during security scan - does it really matter?

 
Joshua Antony
Ranch Hand
Posts: 254
Hi All,

While running a security scan for an application, we got an error like "The test successfully embedded a script in the response, which will be executed once the user activates the OnMouseOver function". However, in the response we can see that the script embedded looks like


I cannot see any security threat here. Do we need to worry about this, since we already have a filter which filters out < > symbols, and thus <script> can never be injected?
Please provide your valuable suggestions.
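
The scanner finding described in the post, as an added example that is not part of the original post: it compares a filter that removes only < and > with encoding for a quoted attribute value. The filter stand-in, the field name `q`, the template and the sample inputs are assumptions constructed for illustration, not the application's code.

```java
public class AttributeContextDemo {
    // Assumed stand-in for the existing filter: it removes only '<' and '>'.
    static String stripAngleBrackets(String s) {
        return s.replace("<", "").replace(">", "");
    }

    // Encoding for a double-quoted HTML attribute value; each character is encoded once.
    static String encodeForAttribute(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical template: the value is reflected inside a quoted attribute.
    static String renderInput(String value) {
        return "<input type=\"text\" name=\"q\" value=\"" + value + "\">";
    }

    // The template itself contributes exactly 6 double quotes (3 attributes).
    // Any extra raw quote means the value ended the attribute early.
    static boolean attributeBoundaryBroken(String renderedTag) {
        return renderedTag.chars().filter(c -> c == '"').count() != 6;
    }

    public static void main(String[] args) {
        String[] inputs = {                       // constructed sample inputs
            "plain text",
            "<script>alert(1)</script>",
            "\" onmouseover=\"alert(1)",
        };
        for (String in : inputs) {
            String filtered = renderInput(stripAngleBrackets(in));
            String encoded = renderInput(encodeForAttribute(in));
            System.out.println("input    : " + in);
            System.out.println("filtered : " + filtered + "  broken=" + attributeBoundaryBroken(filtered));
            System.out.println("encoded  : " + encoded + "  broken=" + attributeBoundaryBroken(encoded));
        }
    }
}
```

The third input contains no angle brackets, so the bracket filter passes it through unchanged and the rendered tag gains an `onmouseover` attribute; with attribute encoding the same input stays inside `value`.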


 