close ad
Databridge V2 with MySQLi support IS Now Available!
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

Cross Site Scripting issues

Thread began 7/30/2010 5:46 pm by webassist2366041 | Last modified 8/05/2010 11:36 am by webassist2366041 | 3224 views | 12 replies

webassist2366041

Cross Site Scripting issues

I created forms for the upload of files and for the processing of credit cards. They have been in place since last year and have not been changed except for text changes.

Our site has passed security compliance scans by SecurityMetrics.com during that time until this week when it failed.

SecurityMetrics techs said that there was cross site scripting problems on on pages, such as this one:
manuscript_submission.html. He said to make sure that our host was sanitizing all user input for html code. Characters : < > / \ ? = ' and "

I sent that information to our host. Their tech support said that it was a problem that must be solved by the web designer -- i.e., me -- and that they didn't support third-party programs.

Our merchant account is in jeopardy because we are now non-compliant and fees have begun to accrue.

I even removed that page to see if it would pass (which it didn't), but there are other pages that have the same problem. I will put it back up after I finish this message so that you can see it.

I don't know if the following is related or it's a different problem. When opening a page, I got this error:
JavaScript error while loading WA eCart AdvCo.htm: At line 746 of the file "Macintosh HD:Applications:Adobe Dreamweaver CS3:Configeration:Shared:Controls:Scripts:WATrigger.js": ReferenceError: WA_getDocumentDOM is not defined

Another page had this error: While executing analyzeServerBehavior in WA eCart AdvCo.htm, a JavaScript error occurred.

Both of these might have absolutely nothing to do with the non-compliance issue.

As soon as I send this message to you, I'll put the page mentioned above back online so that you can see it.

Please help us.

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...