Reputation: 47
XSS remediation - Improper Neutralization of Script-Related HTML Tags
I'm trying to fix some XSS errors with my code. #getEmailRecord is the line that contains the problem. How do I fix a piece of code like this? The error: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). Veracode cleansing solution: coldfusion.runtime.CFPage.HTMLEditFormat
tr>
<td> </td>
<td class="left"><b>To: </b></td>
<td class="left">#getEmailRecord.EMAIL_TO#</td></tr>
<tr><td colspan="4"> </td></tr>
Thanks! This is my first time doing something like this so any help is much appreciated.
Upvotes: 0
Views: 666
Answers (1)
Reputation: 13548
Veracode cleansing solution: coldfusion.runtime.CFPage.HTMLEditFormat The recommended solution tells you what to do. Wrap any variables which contain user supplied data that you utilize in your code in #HTMLEditFormat()#.
<td class="left">#HTMLEditFormat(getEmailRecord.EMAIL_TO)#</td></tr>
Description
Replaces special characters in a string with their HTML-escaped equivalents.
Add if you are on ColdFusion 10 or newer you have even more options - EncodeFor Functions
Upvotes: 2
Related Questions
- How to fix Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) with error message?
- Javascript: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
- Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
- Veracode - Improper Neutralization of Script-Related HTML tags in a Web Page (Basic XSS)
- ColdFusion XSS Protection with 3 Contexts all-in-one
- How to prevent script tags and other XSS entities from being inserted into the db?
- How can I fix improper Neutralization of Script-Related HTML Tags in a Web Page?
- How to handle Script Attack in application
- Prevent XSS attacks site-wide
- ColdFusion how to Prevent XSS Attacks in a WYSIWYG