ApplinX web application security: error url encoding and http header attributes injection

leonard.solomyak · April 1, 2023, 11:09pm

What product/components do you use and which version/fix level are you on?

10.11

Is your question related to the free trial, or to a production (customer) instance?

licensed instance

What are you trying to achieve? Please describe it in detail.

address the following security concerns (raised by the customer): Cross-Site Scripting and Third Party HTML Frames

What are the mechanisms to encode the error URL, i.e. using &symbol ?

What are the mechanisms to inject HTML header attributes such as X-Frame-Options, Content-Security-Policy, X-Content-Type-Options, Referrer-Policy, Set-Cookie ?

Assume this is to be done in ApplinX Java framework …

Do you get any error messages? Please provide a full error message screenshot and log file.

No errors, customer is concern with orange level security violation.

Have you installed all the latest fixes for the products and systems you are using?

10.11.0.8.1033

Gadi · April 2, 2023, 12:44pm

Hi Leonard,

I’m not sure what you mean with this, please open a support ticket with more detailed explanations.

system · September 29, 2023, 12:45pm

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Configure two-way SSL authentication between web application and ApplinX server ApplinX	9	1086	February 27, 2022
Fail customising calendar in ApplinX transformations ApplinX	11	1643	April 20, 2022
Latest ApplinX hot fix is not seen on Empower ApplinX , Fixes	2	478	December 31, 2023
Cannot apply stylesheet to the web control created via ApplinX transformation ApplinX	2	948	March 7, 2022
Cannot update ApplinX session description outside the gx_onInit method ApplinX	4	637	April 4, 2023