AnsweredAssumed Answered

Cross site scripting

Question asked by Giridharan_S on Mar 15, 2019
Latest reply on Mar 17, 2019 by Mark.ODonohue

I am trying to secure the API from xss scripting attack. To protect, i have used protect against code injection assertion enabled with HTML/JavaScript Injection (Cross-site Scripting). But it fails in situtation when the request is multiple encoded. Say for example, request with double encoded value like - %253Cscript%253E will become a serious threat if passed. Is there any way to prevent this? Please share your suggestions. 

Thanks, 

Giridharan selvaraj. 

Outcomes