Closed sajanyamaha closed 1 year ago
Am I doing anything wrong here, trying to fix an XSS vulnerability which popped up in Fortify scans?
Before:
$(window.opener.document).find(tableId + ' .PROMO_NM').val('Y');
After:
$(window.opener.document).find(tableId + ' .PROMO_NM').val(DOMPurify.sanitize('Y'));
On rescan the vulnerability stays!
I would assume that the issue might be the tableId on find() - but this or the other way, that strikes me as a false alert in Fortify. Not our bug :)
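Added example, not part of the original thread and not DOMPurify or jQuery code: the reply points at tableId, not the constant 'Y', as the value that reaches find(). One way to constrain it before it is concatenated into the selector, assuming tableId is meant to be a "#"-prefixed element id (buildPromoSelector, checkTableIds and the sample ids are hypothetical):

```javascript
// Added example. Assumption: tableId should be "#" followed by a plain element id.
// buildPromoSelector / checkTableIds are hypothetical helpers, not library APIs.
const ID_SELECTOR = /^#[A-Za-z][A-Za-z0-9_-]{0,63}$/;

// Returns the selector used in the thread, but only for an allowlisted id.
function buildPromoSelector(tableId) {
  if (typeof tableId !== 'string' || !ID_SELECTOR.test(tableId)) {
    throw new TypeError('tableId is not a plain "#id" selector');
  }
  // Nothing but [A-Za-z0-9_-] after "#" reaches the concatenation, so the
  // value cannot add combinators, selector lists or markup to the query.
  return tableId + ' .PROMO_NM';
}

// Runs the check over several candidates and reports accept/reject per value.
function checkTableIds(candidates) {
  return candidates.map((value) => {
    try {
      return { value, ok: true, selector: buildPromoSelector(value) };
    } catch (err) {
      return { value, ok: false, reason: err.message };
    }
  });
}

// Constructed sample inputs (not taken from the thread).
const SAMPLE_IDS = [
  '#promoTable',     // plain id: accepted
  '#promo_table-2',  // plain id: accepted
  'promoTable',      // missing "#": rejected
  '#a, body *',      // selector list: rejected
  '#t<b>',           // markup characters: rejected
  '#promoTable\n',   // trailing newline: rejected
  '',                // empty: rejected
  null,              // not a string: rejected
];

for (const r of checkTableIds(SAMPLE_IDS)) {
  console.log(JSON.stringify(r.value), r.ok ? 'accepted -> ' + r.selector : 'rejected');
}

// Browser usage with the line from the thread:
// $(window.opener.document).find(buildPromoSelector(tableId)).val('Y');
```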