ApEx:XSS

From OWASP

WIP 21/11/2008

Overview

Example

Create a form on a table of type “Form on a Table with Report”. Run the report and create a row with this data in a VARCHAR2 column:

When you press Create and branch back to the report, the JavaScript is run.


Solution

Escape the output so that special characters are rendered as literals.

In PL/SQL, use the HTF.escape_sc function. Read about safe items in the User’s Guide.
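The following is an added example, not code from the OWASP page or from APEX itself. It assumes a constructed table DEMO_NOTES(ID, NOTE_TEXT) filled by the form above, and shows the unescaped rendering beside the HTF.escape_sc version a report region or PL/SQL region should use.

```plsql
-- Added example (not from the original page). Assumes a constructed table:
--   CREATE TABLE demo_notes (id NUMBER, note_text VARCHAR2(4000));
-- NOTE_TEXT holds whatever the user typed into the APEX form.
DECLARE
  -- Constructed sample value containing every character HTF.ESCAPE_SC rewrites.
  l_untrusted VARCHAR2(4000) := '<b>bold</b> & "quoted"';
  l_escaped   VARCHAR2(4000);
BEGIN
  -- UNSAFE: emitted as-is, the browser parses the stored text as HTML,
  -- so any markup or script the user saved is interpreted.
  dbms_output.put_line('unsafe : ' || l_untrusted);

  -- SAFE: HTF.ESCAPE_SC replaces & < > and " with &amp; &lt; &gt; &quot;
  -- so the browser displays the characters literally.
  l_escaped := htf.escape_sc(l_untrusted);
  dbms_output.put_line('escaped: ' || l_escaped);
  -- prints: escaped: &lt;b&gt;bold&lt;/b&gt; &amp; &quot;quoted&quot;

  -- Rendering rows from the table in a PL/SQL region: escape each value
  -- at the point of output, not the HTML you build around it.
  FOR r IN (SELECT id, note_text FROM demo_notes ORDER BY id) LOOP
    htp.p('<tr><td>' || r.id || '</td><td>'
          || htf.escape_sc(r.note_text) || '</td></tr>');
  END LOOP;
END;
/

-- The same rule inside a report's SQL source: escape the untrusted column
-- in the query so the report never receives raw markup.
SELECT id,
       htf.escape_sc(note_text) AS note_text
  FROM demo_notes
 ORDER BY id;
```

The escaped value is what the report should display; if the column is still rendered as raw HTML by the report column settings, the escaping has to be matched with the column's display setting described under safe items in the User’s Guide.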