ApplinX web application security: error URL encoding and HTTP header attributes injection

What product/components do you use and which version/fix level are you on?

10.11

Is your question related to the free trial, or to a production (customer) instance?

licensed instance

What are you trying to achieve? Please describe it in detail.

Address the following security concerns (raised by the customer): Cross-Site Scripting and Third Party HTML Frames

What are the mechanisms to encode the error URL, i.e. using &symbol?

What are the mechanisms to inject HTML header attributes such as X-Frame-Options, Content-Security-Policy, X-Content-Type-Options, Referrer-Policy, Set-Cookie?

Assume this is to be done in the ApplinX Java framework.

Do you get any error messages? Please provide a full error message screenshot and log file.

No errors, customer is concerned with orange level security violation.

Have you installed all the latest fixes for the products and systems you are using?

10.11.0.8.1033

Hi Leonard,

I’m not sure what you mean by this; please open a support ticket with more detailed explanations.
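Added example, not part of the original thread and not ApplinX's own API: one way to set the response headers named in the question and to encode an error message, using only the standard Servlet API. It assumes the ApplinX Java framework web application is deployed as an ordinary `javax.servlet` web app; the class name, the `msg` parameter and the header values are hypothetical.

```java
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter (not an ApplinX class); map it to /* in WEB-INF/web.xml.
public class SecurityHeadersFilter implements Filter {
    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse http = (HttpServletResponse) res;
        // Set before chain.doFilter(): headers cannot be added once the response is committed.
        // The values are examples; tune them to what the application actually loads and frames.
        http.setHeader("X-Frame-Options", "SAMEORIGIN");
        http.setHeader("Content-Security-Policy", "frame-ancestors 'self'");
        http.setHeader("X-Content-Type-Options", "nosniff");
        http.setHeader("Referrer-Policy", "same-origin");
        chain.doFilter(req, res);
    }

    // Percent-encode an error message before putting it in a redirect URL.
    // "msg" is an assumed parameter name.
    public static String errorUrl(String errorPage, String message)
            throws UnsupportedEncodingException {
        return errorPage + "?msg=" + URLEncoder.encode(message, "UTF-8");
    }

    // HTML-escape the message where the error page writes it into markup;
    // URL encoding alone does not stop reflected script on the rendering side.
    public static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }
}
```

For the session cookie's `Set-Cookie` attributes, Servlet 3.0+ containers read the `http-only` and `secure` elements under `session-config`/`cookie-config` in `web.xml`, so no filter code is needed for those.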
