wso2 / docs-apim

Need to Update Regex Patterns in Threat Protectors #7960

Open TomasWso2 opened 5 months ago

TomasWso2 commented 5 months ago

Description: The patterns given in https://apim.docs.wso2.com/en/3.2.0/learn/api-gateway/threat-protectors/regular-expression-threat-protection-for-api-gateway/#blacklisting-patterns are not correct for JavaScript Injection.

For the JavaScript Injection `<\s*script\b[^>]*>[^<]+<\s*/\s*script\s*>` should be used.

Same as shown in https://apim.docs.wso2.com/en/4.1.0/deploy-and-publish/deploy-on-gateway/api-gateway/threat-protectors/regular-expression-threat-protection-for-api-gateway/

Affected Product Version: APIM 3.2.0

Related Issues: https://github.com/wso2/docs-apim/issues/7722 https://github.com/wso2/api-manager/issues/2549
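
An added example (not from the issue or the WSO2 docs) that checks a JavaScript-injection blacklist pattern against constructed payloads before it goes into a threat-protector policy. It assumes the intended pattern carries `*` quantifiers and compares it with the same text with the asterisks lost; Python's `re` stands in for the gateway's regex engine, and the `audit` helper and sample payloads are hypothetical.

```python
import re

# Pattern with its `*` quantifiers (assumed intended form) and the same text
# with the asterisks lost, e.g. through unescaped Markdown rendering.
INTENDED = r"<\s*script\b[^>]*>[^<]+<\s*/\s*script\s*>"
STRIPPED = r"<\sscript\b[^>]>[^<]+<\s/\sscript\s*>"

# Constructed request fragments: (payload, should_be_blocked)
CASES = [
    ('<script>alert(1)</script>', True),
    ('<script type="text/javascript">alert(1)</script>', True),
    ('< script >alert(1)< / script >', True),
    ('{"comment": "our style guide forbids inline script blocks"}', False),
    ('<b>bold text</b>', False),
]

def audit(pattern, cases=CASES):
    """Return the cases a blacklist pattern gets wrong.

    Each entry is (payload, expected_block, actual_block). An empty list
    means the pattern blocks every malicious sample and passes every
    benign one. Raises re.error if the pattern does not compile.
    """
    rx = re.compile(pattern)
    wrong = []
    for payload, expected in cases:
        actual = rx.search(payload) is not None
        if actual != expected:
            wrong.append((payload, expected, actual))
    return wrong

if __name__ == "__main__":
    for name, pat in (("intended", INTENDED), ("stripped", STRIPPED)):
        misses = audit(pat)
        print(f"{name}: {len(misses)} wrong of {len(CASES)}")
        for payload, expected, actual in misses:
            print(f"  expected block={expected}, got {actual}: {payload!r}")
```

The stripped form compiles without error, so only test vectors reveal that it no longer blocks an ordinary script tag.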