SC 8, Chrome (latest), firefox (v42)
We have found that when text with HTML code is displayed in pages using SC, the application can be cross-site scripted.
In the iframe1.png image attached to this mail we have an embedded irframe tag
and when the form is displayed we get the behaviour displayed in the attached image iframe2.png
Is there a way in SC to prevent such cross-site scripting - other than filtering all the text that is entered by the user?
Thanks
Stewart Bourke
We have found that when text with HTML code is displayed in pages using SC, the application can be cross-site scripted.
In the iframe1.png image attached to this mail we have an embedded irframe tag
and when the form is displayed we get the behaviour displayed in the attached image iframe2.png
Is there a way in SC to prevent such cross-site scripting - other than filtering all the text that is entered by the user?
Thanks
Stewart Bourke
Attached Files
Comment