I am working on a project where I am getting a Cross Site Scripting error. In a JSP file there is the code line below:

var selSubArea = document.adminForm.subjAreaId.options[document.adminForm.subjAreaId.selectedIndex].text;

Does anyone have an idea how to resolve it? Any help will be appreciated. Thanks in advance.

I have already tried to use different encoding techniques, but they are not working, e.g. Encode.forHtml, Encode.forJavascript, COV Security, fn EscapeXML.

var selRole = document.adminForm.appnRoleId.options[document.adminForm.appnRoleId.selectedIndex].text;
var selSubArea = document.adminForm.subjAreaId.options[document.adminForm.subjAreaId.selectedIndex].text;
var selRoleID = document.adminForm.appnRoleId.options[document.adminForm.appnRoleId.selectedIndex].value;
var selSubAreaID = document.adminForm.subjAreaId.options[document.adminForm.subjAreaId.selectedIndex].value;

I am getting this Cross Site Scripting issue only with the text inputs, and these are actually dropdowns.

1 Answer

My guess from your question is that you're trying to stop someone entering XSS data into your drop-down menu.

Maybe have the selected index's info hard-coded on the server/application and just send the index.

var selSubArea = document.adminForm.subjAreaId.selectedIndex;

If the index doesn't match indexes on the server/application, just ignore it.

4 Comments

Thanks for the suggestion. I'll try to use it. 😊
Can you take a look at this [stackoverflow.com/q/55927975/11352304]
Hi, I tried to use var selSubArea = document.adminForm.subjAreaId.selectedIndex; but it's only giving the ID. Is there any other way to use both "option" and "selectedIndex" at the same time?
Your ID should match your option on your server. How have you got your server side set up? It should take the selected index and match it with the option.
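
One way to do the server-side match that the answer and its last comment describe, as an added example (not code from the question or the answer): the form submits only the option's value, and the server looks up the display text in its own table, ignoring anything that does not match. The class name, the sample options and the six-digit limit on IDs are assumptions made for illustration.

```java
import java.util.Map;
import java.util.Optional;
import java.util.regex.Pattern;

public class DropdownResolver {
    // Constructed sample data: in a real application these tables come from the
    // same server-side source that renders the <option> elements.
    private static final Map<Integer, String> SUBJECT_AREAS =
            Map.of(10, "Finance", 20, "Human Resources", 30, "Operations");
    private static final Map<Integer, String> ROLES =
            Map.of(1, "Viewer", 2, "Editor", 3, "Administrator");

    // Only short, digits-only IDs are accepted; everything else is rejected
    // before any lookup happens (the length limit is an assumption).
    private static final Pattern ID = Pattern.compile("[0-9]{1,6}");

    // Returns the server-side label for a submitted ID, or empty if the
    // submitted value is missing, malformed, or not one of the known options.
    static Optional<String> resolve(Map<Integer, String> options, String submitted) {
        if (submitted == null || !ID.matcher(submitted).matches()) {
            return Optional.empty();
        }
        return Optional.ofNullable(options.get(Integer.parseInt(submitted)));
    }

    public static void main(String[] args) {
        // Constructed inputs standing in for request.getParameter("subjAreaId").
        String[] samples = {"20", "99", "20<b>x", "", null};
        for (String s : samples) {
            String label = resolve(SUBJECT_AREAS, s).orElse("(ignored)");
            System.out.println(s + " -> " + label);
        }
        // The same resolver serves the role dropdown (appnRoleId).
        System.out.println("role 3 -> " + resolve(ROLES, "3").orElse("(ignored)"));
    }
}
```

Because the text shown to the user is always taken from the server's table, the client-supplied option text is never needed, which answers the question in the comments about getting both the ID and the label.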
