script injected inside value attribute of input tag during security scan - does it really matter?

Joshua Antony
Ranch Hand

Joined: Jun 05, 2006
Posts: 254
Hi All,

While running a security scan for an application, we got an error like "The test successfully embedded a script in the response, which will be executed once the user activates the OnMouseOver function". However, in the response we can see that the script embedded looks like


I cannot see any security threat here. Do we need to worry about this? We already have a filter which filters out < > symbols, thus <script> can never be injected.
Please provide your valuable suggestions.



SCJP,SCWCD, Into ATG now!
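
An added example, not part of the original post or the poster's application: it renders a constructed input into the `value` attribute of an `<input>` tag, once behind a filter that only strips `<` and `>` and once with attribute encoding, then parses both results to list the attributes a browser-style parser sees. The filter's behaviour, the field name `q` and the sample input are assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Constructed scanner-style input: it contains no angle brackets, so a filter
# that only strips < and > passes it through unchanged.
SAMPLE_INPUT = 'x" onmouseover="alert(1)'


def strip_angle_brackets(value):
    """The filter described in the post (assumed behaviour): drop < and >."""
    return value.replace("<", "").replace(">", "")


def render_filtered(value):
    """Before: the value reaches the attribute after the <> filter only."""
    return '<input type="text" name="q" value="%s">' % strip_angle_brackets(value)


def render_encoded(value):
    """After: attribute-encode the value; quote=True also encodes " and '."""
    return '<input type="text" name="q" value="%s">' % escape(value, quote=True)


class _AttrCollector(HTMLParser):
    """Records the attributes of the <input> start tag as parsed."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = dict(attrs)


def parsed_attributes(markup):
    """Return the attributes an HTML parser sees on the <input> tag."""
    collector = _AttrCollector()
    collector.feed(markup)
    return collector.attrs


def event_handlers(markup):
    """Names of on* attributes on the parsed tag; empty when output is safe."""
    return sorted(k for k in parsed_attributes(markup) if k.startswith("on"))


if __name__ == "__main__":
    for render in (render_filtered, render_encoded):
        print(render.__name__, event_handlers(render(SAMPLE_INPUT)))
```

With only the `<` `>` filter the parsed tag carries an extra `onmouseover` attribute; with the quote encoded, the whole input stays inside `value` as plain text.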
 