Closed dave-gohyperion closed 5 years ago
Shouldn't this be blocking the following querystring:
?test=onclick="alert(document.cookie)"
Using this ruleset it allows that through the WAF. It only blocks if you add in <script> tags.
<script>
Shouldn't this be blocking the following querystring:
?test=onclick="alert(document.cookie)"
Using this ruleset it allows that through the WAF. It only blocks if you add in
<script>
tags.