Protect against cross-site scripting (XSS) attacks in JBoss?
Issue
- Is there a JBoss configuration that I can enable to disallow or disable the processing of scripts embedded in URLs? For example: https://host.com/example.xhtml?cyc=<script>alert(1)</script>.
Environment
- JBoss Enterprise Application Platform (EAP) 5.x
- Apache Tomcat