ESAPI’s encodeForHTML vs encodeForHTMLAttribute
Gokul

Thanks Gokul, I have the following query. If I want to bypass DOM-based XSS, like a JS script added to the URL, do I need to use these methods to encode the URL, or what else could be the solution to prevent it? The following is the example.

<Something.com:<port>>/some.jsp?parameter=<value>’)<alert(100)>
If the URL is modified like above by adding an extra alert, how to bypass these kinds of modifications?

Like what you read? Give Aditya Valluru a round of applause.
