How to eliminate XSS with window open

  • Question

  • User-1132666198 posted

    I have inherited an old classic ASP program. In it, the coder used the code below to open windows. I have to scan the program with a Fortify scan to try and eliminate the problems. The scan labels every one of these as cross-site scripting. I added the Server.URLEncode to try and get the scan to not recognize them as XSS problems, but that didn't work. All of the pages the code opens are in the website; none go outside for external pages. Can someone help me with the code that will keep the scan from marking these as XSS? Thanks for the help.

    <script>
      function CloseRejectWindow() {
        window.opener.parent.parent.location = "107_ETAR_frames.asp?status_id= <%=Server.URLEncode(status_id)%>"
        window.close()
      }
    </script>
    Saturday, January 27, 2018 3:11 PM
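
One way to handle a server value written into a script block like the one in the question, added here as an example and not part of the original post. It assumes status_id holds a whole-number identifier (the post does not say), and SafeStatusId and JsEncode are hypothetical helper names.

```asp
<%
' Added example. Assumption: status_id holds a whole-number identifier.
' SafeStatusId and JsEncode are hypothetical helper names.

' Allow-list check: returns the value as a Long when it is 1-9 digits, else -1.
Function SafeStatusId(raw)
    Dim re
    SafeStatusId = -1
    If IsNull(raw) Then Exit Function
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(CStr(raw)) Then SafeStatusId = CLng(raw)
End Function

' For values that cannot be reduced to a number: escape everything except
' ASCII letters and digits as \uXXXX so the value cannot end the string
' literal or the script block it is written into.
' Usage for a text value: JsEncode(Server.URLEncode(value))
Function JsEncode(s)
    Dim i, ch, code, text, out
    text = "" & s                              ' Null or Empty becomes ""
    out = ""
    For i = 1 To Len(text)
        ch = Mid(text, i, 1)
        code = AscW(ch)
        If code < 0 Then code = code + 65536   ' AscW is signed in VBScript
        If (code >= 48 And code <= 57) Or (code >= 65 And code <= 90) _
           Or (code >= 97 And code <= 122) Then
            out = out & ch
        Else
            out = out & "\u" & Right("0000" & Hex(code), 4)
        End If
    Next
    JsEncode = out
End Function
%>
<script>
  function CloseRejectWindow() {
    // Only a validated number (or -1 for a rejected value) reaches the script block.
    window.opener.parent.parent.location =
      "107_ETAR_frames.asp?status_id=<%= SafeStatusId(status_id) %>";
    window.close();
  }
</script>
```

The receiving page should treat -1 as an invalid status rather than looking it up.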

All replies