WebApp Sec mailing list archives

IBM Websphere Commerce Server 5.5 XSS detect mode

From: "Jim+Lisa Weiler" <lisajimbo () rcn com>
Date: Mon, 10 May 2004 22:37:34 -0400

IBM Websphere Commerce server 5.5 has a switch that causes the server to
examine all fields in POSTs and all variables in GETs and check the input
against a set of strings and characters that are not allowed, and return one
of 3 customs web pages if non allowed strings or characters are found. Does
anyone have experience with this feature in Websphere Commerce Server?

Thanks, Jim

Current thread:

IBM Websphere Commerce Server 5.5 XSS detect mode Jim+Lisa Weiler (May 11)
- Re: IBM Websphere Commerce Server 5.5 XSS detect mode The Crocodile (May 11)
  - Re: IBM Websphere Commerce Server 5.5 XSS detect mode Paul Johnston (May 12)
    - Whitelist vs. Blacklist input validation (Was Re: IBM Websphere Commerce Server 5.5 XSS detect mode) The Crocodile (May 12)