
ApEx:XSS

From OWASP
Revision as of 20:32, 21 November 2008 by Mjk303 (talk | contribs) (New page: ==WIP 21/11/2008== ==Overview== ==Example== Create a Form on a table of type “Form on a Table with Report” Run the Report and create a row with this data in a VARCHAR2 column When y...)


WIP 21/11/2008

Overview

Example

Create a Form on a table of type “Form on a Table with Report”. Run the Report and create a row with this data in a VARCHAR2 column.

When you press Create and branch back to the Report, the JavaScript is run.


Solution

Escape output so that special characters are rendered as literals rather than interpreted as markup.

In PL/SQL, use the function HTF.escape_sc. Read about safe items in the User’s Guide.
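As an added example, not taken from the original page, the following PL/SQL region renders a VARCHAR2 column the way the report above does, first verbatim (the vulnerable pattern) and then wrapped in HTF.escape_sc; the table DEMO_NOTES and column NOTE_TEXT are assumed names.

```sql
-- Added example: rendering a VARCHAR2 column in an APEX PL/SQL region.
-- DEMO_NOTES / NOTE_TEXT are assumed names, not from the page.
DECLARE
  CURSOR c_notes IS
    SELECT note_text FROM demo_notes ORDER BY id;
BEGIN
  -- Vulnerable: the stored value is written into the page as-is, so any
  -- markup or <script> saved in the row runs when the report is displayed.
  htp.p('<table id="unsafe">');
  FOR r IN c_notes LOOP
    htp.p('<tr><td>' || r.note_text || '</td></tr>');
  END LOOP;
  htp.p('</table>');

  -- Fixed: HTF.escape_sc replaces &, <, > and " with their HTML entities,
  -- so the browser shows the stored text as literal characters.
  -- Caveat: it does not touch the single quote, so it is suitable for
  -- element content and double-quoted attributes, not for single-quoted
  -- attributes or values embedded inside JavaScript.
  htp.p('<table id="safe">');
  FOR r IN c_notes LOOP
    htp.p('<tr><td>' || htf.escape_sc(r.note_text) || '</td></tr>');
  END LOOP;
  htp.p('</table>');
END;
```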