localhost:8080/portal/help/html/help.jsp?allowLink=true&emailLink='"()%26%251<iframe id="mainIframe" width="800" height="600" src="http://google.com"></iframe>
How to prevent cross site scripting in sakai. i am calling req.getQueryString() in RequestFilter.java then i am getting this url.please help me how to solve issue
Thanks in Advance
If you uncover a security vulnerability in Sakai software please do not voice your concerns on any public listserv, blog or other open communication channel but instead notify the Sakai Foundation immediately at [email protected]. Please provide a callback telephone number so that we can contact you by telephone if it is deemed necessary.
See the policy here: https://confluence.sakaiproject.org/display/SECWG/Security+Policy
If you create a login here: https://jira.sakaiproject.org/secure/Dashboard.jspa
You can report the security issue by creating an issue and setting the Security Level pulldown to "Security Issue" Thanks