3 Replies Latest reply on Jun 16, 2011 12:26 AM by trong.tran

    Protecting GateIn from XSS

    amayingenta

      Hi, we have a GateIn 3.1 based portal in development, and a scan showed a potential XSS security vulnerability.


      For example, with the sample portal, a URL like this:


      http://<server>/sample-portal/public/classic/%22%20onload=alert%280%29%20%3E%3Cscript%3Ealert%280%29%3C/script%3E


      will open a JavaScript alert multiple times. It seems that the extra path in the URL is not being sanitized (in particular for double quotes), and in the generated HTML you get values like this:


      <script type="text/javascript">

            eXo.env.server.portalBaseURL = "/sample-portal/public/classic/%22%20onload=alert%280%29%20%3E%3Cscript%3Ealert%280%29%3C/script%3E" ;


      <div class="CloseButton" title="Close Window" onclick="javascript:ajaxGet('/sample-portal/public/classic/" onload=alert(0) ><script>alert(0)</script>


      I'm not really familiar with GateIn, so if we wanted to add a Filter to sanitize URLs, I'm not sure where we would put it, or whether that would work. We have our own custom EAR file, which I think makes it an extension portal.


      Any ideas?


      Thanks,

      Andrew
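One way to stop the path shown above from reaching the templates that reflect it, as an added example and not code from this thread or from GateIn: a servlet Filter for the extension's own web.xml that decodes the request path once and rejects it unless every character is in a small allow-list. The class name, package and the allowed-character set are assumptions; the proper remedy is still contextual output encoding (JavaScript-string and HTML-attribute escaping) where portalBaseURL and the onclick handler are written, and this filter only blocks the input that exposes the gap.

```java
// Hypothetical stopgap filter; package, class name and allow-list are assumptions.
package com.example.portal.security;

import java.io.IOException;
import java.net.URLDecoder;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SafePathFilter implements Filter {
    // Characters a portal path legitimately needs. Quotes, angle brackets, spaces and
    // a '%' left over from double encoding (%2522 -> %22) all fail this check, so the
    // path from the question ('" onload=alert(0) ><script>...') is refused.
    private static final Pattern SAFE_PATH = Pattern.compile("^[A-Za-z0-9/._~-]*$");

    public void init(FilterConfig config) { }

    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        if (!isSafePath(request.getRequestURI())) {
            // Refuse early so the unsafe path is never written into a script or attribute.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST,
                    "Invalid characters in URL path");
            return;
        }
        chain.doFilter(req, res);
    }

    /** Decodes the raw request URI once and matches it against the allow-list. */
    static boolean isSafePath(String rawUri) throws IOException {
        if (rawUri == null) {
            return true;
        }
        String decoded;
        try {
            decoded = URLDecoder.decode(rawUri, "UTF-8");
        } catch (IllegalArgumentException malformed) {
            return false; // e.g. a dangling or malformed '%' sequence
        }
        return SAFE_PATH.matcher(decoded).matches();
    }
}
```

Register it in the extension's web.xml with a filter-mapping on /* placed before the portal's own filters, and widen the allow-list only if a legitimate portal URL in your deployment needs other characters.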