10-27-2020, 04:24 PM
After blocking the above issue I had another finding and decided to block the <xss tag with:
if (ContainsText(AParam, '<xss')) then
  AllowIt := False;
Doing this stops the following:
https://somesite.com/providers/IsProvide...c%2fxss%3e
I guess it should be added to the list of things to block by default so I am posting it here?