Section: 5.1.3
Top Level:
Sub Level:
General: Trap and detect malicious input (such as stored XSS). Validate every value from an untrusted source (form, URL, cookie, CGI) for type, length and allowed characters before it is stored or used.
ColdFusion: Bind all database input with <cfqueryparam> (in <cfquery>) and <cfprocparam> (in <cfstoredproc>) on each page, so that user-supplied values are passed as typed parameters and cannot change the structure of the SQL statement. For cross-site scripting, enable "Enable Global Script Protection" in the ColdFusion Administrator (Server Settings > Settings), or set this.scriptProtect in Application.cfc, and specify which of the Form, URL, CGI and Cookie scopes to protect. Script protection replaces a fixed set of tags (object, embed, script, applet, meta) in the protected scopes with <InvalidTag>; it is a coarse input filter only, so stored values must still be validated against a whitelist on input and HTML-encoded on output.
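The following is an added example written for this standard, not code taken from the ColdFusion documentation or from any application this page describes. It shows a comment form handled the way the ColdFusion column requires: per-application script protection, a whitelist and length check on input, the vulnerable string-concatenated query beside its <cfqueryparam> and <cfprocparam> forms, and HTML encoding on output so that a stored payload that got past the filter cannot execute. The datasource name app_ds, the table COMMENTS(comment_id, author, body) and the procedure sp_add_comment are assumed; encodeForHTML requires ColdFusion 10 or later.

```cfml
<!--- Application.cfc (assumed application name). "all" is the per-application
      equivalent of the Administrator's "Enable Global Script Protection" and covers
      the Form, URL, CGI and Cookie scopes; a list such as "form,url" narrows it. --->
<cfcomponent>
    <cfset this.name = "CommentsApp">
    <cfset this.scriptProtect = "all">
</cfcomponent>

<!--- comment.cfm --->
<cfparam name="form.author" default="">
<cfparam name="form.body" default="">

<!--- 1. Whitelist and length checks before anything is stored. Reject, do not "clean". --->
<cfif NOT reFind("^[A-Za-z0-9 _.-]{1,40}$", form.author)>
    <cfthrow type="Application.Validation"
             message="Author must be 1-40 characters: letters, digits, space, _ . -">
</cfif>
<cfif len(form.body) EQ 0 OR len(form.body) GT 2000>
    <cfthrow type="Application.Validation" message="Comment must be 1-2000 characters">
</cfif>

<!--- 2. VULNERABLE form, kept only as the "before": values are concatenated into the SQL
      string, so an author such as   x'); DROP TABLE comments; --   rewrites the statement.
<cfquery datasource="app_ds">
    INSERT INTO comments (author, body) VALUES ('#form.author#', '#form.body#')
</cfquery>
--->

<!--- 3. HARDENED: each value is bound as a typed parameter; maxlength repeats the
      length limit at the query layer. The stored-procedure branch (assumed
      sp_add_comment(author, body)) shows the same binding with <cfprocparam>. --->
<cfif structKeyExists(form, "via_proc")>
    <cfstoredproc procedure="sp_add_comment" datasource="app_ds">
        <cfprocparam type="in" cfsqltype="cf_sql_varchar" value="#form.author#" maxlength="40">
        <cfprocparam type="in" cfsqltype="cf_sql_varchar" value="#form.body#"   maxlength="2000">
    </cfstoredproc>
<cfelse>
    <cfquery datasource="app_ds">
        INSERT INTO comments (author, body)
        VALUES (
            <cfqueryparam value="#form.author#" cfsqltype="cf_sql_varchar" maxlength="40">,
            <cfqueryparam value="#form.body#"   cfsqltype="cf_sql_varchar" maxlength="2000">
        )
    </cfquery>
</cfif>

<!--- 4. Output: script protection only strips a handful of tags on the way in
      (e.g. an onerror= attribute on <img> passes through), so every stored value
      is HTML-encoded when rendered. This is what defeats stored XSS. --->
<cfquery name="q" datasource="app_ds">
    SELECT author, body FROM comments ORDER BY comment_id DESC
</cfquery>
<cfoutput query="q">
    <p><b>#encodeForHTML(q.author)#</b>: #encodeForHTML(q.body)#</p>
</cfoutput>
```

Submitting the form with author set to <img src=x onerror=alert(1)> is rejected by the whitelist in step 1; if the same text were stored in body, step 4 renders it as literal text rather than markup. The commented-out query in step 2 is the pattern the standard forbids and is left only for comparison.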
Natural Webagent: This does not apply to webAgent. In Natural, validate input against a whitelist of valid values if one exists. Short of that, use detailed conditional masks (the MASK option) to constrain the permitted format. If both of these are too restrictive, use TXN$SCRB to audit and/or remove non-allowed characters before storage. Always check format and length where appropriate.