I would like to know how to prevent XSS in the following situation.
http://localhost/../shop/BSAOmnifindQueryCmd?
storeId=11001&catalogId=1005
=%22%3E%0D%0A%3Cscript+%3Ealert%28123%29%3C/script+%3E&ip_state=&ip_sortBy=&ip_constrain=&ip_navtype=search&pageSize=12&currentPage=0&searchCategory=searchView&langId=-1
The JSP page goes to the server side. On the server side there is a prohibited character check, so the page redirects to that page, but the URL remains the same and the script alert pops up.
Please let me know how to prevent this type of attack.
Thanks
Suja
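
The situation described above, as an added example that is not part of the original post: the value from the URL is written back into the page, once unencoded and once HTML-encoded at output time. The field name `searchTerm` and the `<input>` markup are assumptions, since the post does not show the parameter name or the JSP source.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

public class ReflectedParamEncoding {

    // Encode a value for an HTML element body or a quoted attribute value.
    // The five characters below are the ones that can end the current
    // attribute or element and start new markup.
    static String encodeForHtml(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Parameter value copied from the URL in the post, still percent-encoded.
        String raw = "%22%3E%0D%0A%3Cscript+%3Ealert%28123%29%3C/script+%3E";
        String value = URLDecoder.decode(raw, StandardCharsets.UTF_8);

        // Hypothetical markup: the page echoes the value into a quoted attribute.
        String prefix = "<input name=\"searchTerm\" value=\"";
        String unencoded = prefix + value + "\">";                // attribute is closed early
        String encoded   = prefix + encodeForHtml(value) + "\">"; // value stays inside the attribute

        System.out.println("Unencoded:\n" + unencoded);
        System.out.println("Encoded:\n" + encoded);
        if (encoded.contains("<script")) {
            throw new AssertionError("encoded output still contains markup");
        }
    }
}
```

In a JSP the same encoding is applied by JSTL, for example `<c:out value="${param.searchTerm}"/>` or `${fn:escapeXml(param.searchTerm)}`, and it has to be applied on every page that echoes the value, including the page shown after the prohibited character check.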