Hi all,
I have created a portal PDK project and configured it for anonymous access. The project accepts the question id through the query string as below:
http://myportal.com/irj/portal/anonymous/questions?questionid=2;
But due to this, there is a possibility of some XSS attacks, for example:
http://myportal.com/irj/portal/anonymous/questions?questionid=18c78b0'-alert('XSS_INJECTION')-'e3a1f
This gives me a pop-up XSS_INJECTION, even though I sanitized the questionid in Java code. The JavaScript function alert is executed first and the URL hits the particular servlet/PDK object then.
How can I solve the above issue to remove XSS attacks? Can that be handled from code?
Please do the needful.
Regards
Prasad
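
A server-side check for the parameter described in the post above, as an added example that is not part of the original post and is not SAP portal code. It assumes that questionid is always a decimal number and, from the shape of the quoted payload, that the page writes the value into a quoted JavaScript string; the class and method names are hypothetical.

```java
import java.util.regex.Pattern;

public class QuestionIdGuard {
    // Assumption: a valid questionid is 1 to 9 decimal digits, as in the post's ?questionid=2
    private static final Pattern DIGITS = Pattern.compile("[0-9]{1,9}");

    /** Returns the id as an int, or -1 when the parameter is missing or not purely numeric. */
    static int parseQuestionId(String raw) {
        if (raw == null || !DIGITS.matcher(raw).matches()) {
            return -1;
        }
        return Integer.parseInt(raw); // at most 9 digits, so it cannot overflow int
    }

    /**
     * Escapes a value for output inside a quoted JavaScript string literal.
     * Every character outside [A-Za-z0-9] becomes a four-digit hex escape, so quotes,
     * backslashes, angle brackets and line breaks cannot end the string or the script block.
     */
    static String escapeForJsString(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean safe = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
            if (safe) {
                out.append(c);
            } else {
                out.append(String.format("\\u%04x", (int) c));
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs: the two query-string values quoted in the post, plus a missing parameter
        String[] samples = { "2", "18c78b0'-alert('XSS_INJECTION')-'e3a1f", null };
        for (String raw : samples) {
            int id = parseQuestionId(raw);
            if (id < 0) {
                // Rejected input is never written to the page as-is; it is escaped even for logging here
                System.out.println("rejected: " + (raw == null ? "<missing>" : escapeForJsString(raw)));
            } else {
                // Only the parsed integer reaches the generated script
                System.out.println("var questionId = " + id + ";");
            }
        }
    }
}
```

The validation has to run before any part of the response that contains the parameter is generated; the escaping function covers values that cannot be restricted to digits.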