Hi All,
I have one live site in which if we are giving something like that-
www.mysite.us/search?q=&site=mysiteus_prod&client=eop_offers_frontend&output=xml_no_dtd&proxystyl
its showing me some XML file on the browser.
I tried to add below X-security header at the dispatcher level but no luck-
# X-XSS-Protection
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
</IfModule>
If anyone has faced the same issue, please help me out.
Thanks,
Anoop
Views
Replies
Total Likes
What exactly are you trying to do here? Looks like you are searching for content.
Views
Replies
Total Likes
Hi Scott,
when I am hitting-
www.mysite.us/search?q=&site=test
its showing some XML instead of an error page. how to handle this XSS through dispatcher.
<GSP VER="3.2">
<TM>0.000612</TM>
<Q/>
<PARAM name="q" value="" original_value=""/>
<PARAM name="site" value="test" original_value="test"/>
<PARAM name="ie" value="UTF-8" original_value="UTF-8"/>
<PARAM name="ulang" value="en" original_value="en"/>
<PARAM name="access" value="p" original_value="p"/>
<PARAM name="sort" value="date:D:L:d1" original_value="date:D:L:d1"/>
</GSP>
Thanks
Views
Replies
Total Likes