XSS Vulnerabilities

Posted: Wed Jun 21, 2017 7:56 pm
by phatsaqs
Hello,

I am trying to resolve a number of issues with cross-site scripting throughout the application on various input pages.
Is there a quick and easy way to apply anti-XSS measures application-wide without digging into the code?

Re: XSS Vulnerabilities

Posted: Thu Jun 22, 2017 8:59 am
by canelli
Hi,

We periodically perform vulnerability tests on forma.lms. Protecting forma.lms from XSS is our first security goal.
There is a library that checks and purifies the input parameters and can be used on parameters not already checked.

Please send me a private message so we can discuss your checks and patches and incorporate your work in the official releases.

Claudio

Re: XSS Vulnerabilities

Posted: Thu Jun 22, 2017 2:01 pm
by phatsaqs
What is the name of this library? Is it not being used in forma now? If so, how can I enable it? If not, what is the best way to incorporate it into forma?

Re: XSS Vulnerabilities

Posted: Thu Jun 22, 2017 3:03 pm
by canelli
In forma since version 1.0, and before that in docebo 4.0.5, there is the common library

lib\lib.filterinput.php
loaded by the common boostrap.php

The library purifies input using a custom implementation and the htmlpurifier third-party library.

Please send the XSS vulnerabilities you found in private (and share yours), so we can analyze and fix them (with your collaboration) before sharing them publicly.

Claudio