Posted on 2006-08-24 21:37
rednight 閱讀(438)
評論(0) 編輯 收藏 所屬分類:
工作學習
一個項目中的URL中有HTML特殊符號,被SiteMinder阻止了,想了許多方法去改這個URL,沒成功. 后來才想到修改SiteMinder的配置,反正是內部有限的幾個人使用,沒有必要留著跨站腳本的檢驗,于是問題得到解決.
下面是SiteMInder文檔中的一段:
Disabling Cross-Site Scrpting Checks
In most cases, the Web Agent should block against cross-site scripting, However, if you have URLs that include HTML characters or your site already has an application that checks for croos-site scripting, you may want to disable this feature.
To disable the cross-site cripting:
Add the following parameter to the WebAgent.conf file:
csschecking = "No"
The default is YES.
For detailed information about cross-site scripting, refer to the following site:
http://www.cert.org/ and read CERT advisory CA-2000-02.