Comments on: DWR 2.0.5 Fixes XSS Vulnerability http://www.veracode.com/blog/2008/06/dwr-205-fixes-xss-vulnerability/ Application security testing, analysis, and metrics Thu, 09 Feb 2012 11:59:00 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Liav http://www.veracode.com/blog/2008/06/dwr-205-fixes-xss-vulnerability/comment-page-1/#comment-5876 Liav Mon, 03 Jan 2011 15:30:08 +0000 http://www.veracode.com/blog/?p=115#comment-5876 Hi, According to your findings i justed upgraded my jar from DWR2.0.1 to 2.0.5 but still my we application isn't checked for XSS attacks. E.G: When i insert user name such as test i get a normal flow as if the DWR handling hasn't checked the input for scripting tags at all. Am i required to configure anything? Maybe to add an HTTP wrapper filter (as i saw implemented in several sites) ? Hi,

According to your findings i justed upgraded my jar from DWR2.0.1 to 2.0.5 but still my we application isn’t checked for XSS attacks.

E.G: When i insert user name such as test i get a normal flow as if the DWR handling hasn’t checked the input for scripting tags at all.

Am i required to configure anything? Maybe to add an HTTP wrapper filter (as i saw implemented in several sites) ?

]]> By: Zero in a bit » Minimizing the Attack Surface, Part 2 http://www.veracode.com/blog/2008/06/dwr-205-fixes-xss-vulnerability/comment-page-1/#comment-1357 Zero in a bit » Minimizing the Attack Surface, Part 2 Mon, 07 Jul 2008 21:10:45 +0000 http://www.veracode.com/blog/?p=115#comment-1357 [...] a close-to-home example related to my post about DWR 2.0.5 from the other day. DWR is an Ajax framework that has a variety of operating modes. In-house, we [...] [...] a close-to-home example related to my post about DWR 2.0.5 from the other day. DWR is an Ajax framework that has a variety of operating modes. In-house, we [...]

]]>