Message Image

Skip main navigation (Press Enter).

Layer7 API Management

Back to discussions

Expand all | Collapse all

Prevent iframe url injection

Jump to Best Answer

BijKluitDec 25, 2017 07:09 AM

A user can inject code in an url to our forum. The discussion board uses iframes and the following exposes ...

Seiji MoriyamaDec 26, 2017 08:14 PMBest Answer

Hello, How about parsing the POST data and removing URLs in them before posting to your forum? CA ...

Zhijun HeJan 09, 2018 06:27 PM

You may also use regex assertion to validate the url, using special chars #! for example, you may use ...

1. Prevent iframe url injection

0 Recommend
BijKluit
Posted Dec 25, 2017 07:09 AM

Reply Reply Privately
A user can inject code in an url to our forum. The discussion board uses iframes and the following exposes a thread:
https://10.10.10.1/forum#!https://10.10.10.20:8080
Not knowing up front each possible endpoint url because of the dynamic nature or a forum, what is the best way to prevent these injections?
2. Re: Prevent iframe url injection
Best Answer

1 Recommend
Broadcom Employee

Seiji Moriyama
Posted Dec 26, 2017 08:14 PM

Reply Reply Privately
Hello,

How about parsing the POST data and removing URLs in them before posting to your forum?
CA API Gateway can decode the received POST data, parse and edit the forms, encode the POST data again, and POST them to the forum.

Isn't it what you're looking for?

Cheers.
3. Re: Prevent iframe url injection

1 Recommend
Broadcom Employee

Zhijun He
Posted Jan 09, 2018 06:27 PM

Reply Reply Privately
You may also use regex assertion to validate the url, using special chars #!
for example, you may use a regular expression like this,
(.*)#!(.*)

Copyright 2023. All rights reserved.

Powered by Higher Logic