Unvalidated-Xss-Check; Validation - IBM WebSphere XS40 Command Reference Manual

Datapower xml security gateway

Parameters
error
  Generates an error. The Error Handling Policy or the Error Handling Map
  can then handle the error condition.
passthru
  Passes the name-value pair through for further processing.
set
  Replaces the Value attribute with the string set by the
  unvalidated-fixup-map command.
strip
  Removes the name-value pair from the entity (HTTP header, HTTP body,
  or query string).
Related Commands
unvalidated-fixup-map

unvalidated-xss-check

Controls whether name-value pairs that do not match an entry in the validation
list are checked for cross-site scripting (XSS) signatures.
Syntax
unvalidated-xss-check {on | off}
Parameters
on
  Enables checking.
off
  Disables checking.
Guidelines
Cross-site scripting (XSS) signatures are generally attempts to obfuscate the real
meaning of the value if the value were displayed directly in a browser. You want
to validate any data that might get stored and displayed again later, such as the
contents of a comment form. The check looks for escaped characters, characters
with the high-bit set, and various forms of the term script, which is often used to
engage JavaScript on a browser without the user knowing.
Related Commands
unvalidated-fixup-map

validation

Creates a validation list.
Syntax
validation name-PCRE value-PCRE policy [check-XSS]
Parameters
name-PCRE
  Specifies a PCRE that the submitted names are matched against. If they
  match, the value must also match against the corresponding value
  constraint to be passed through.
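
An added illustration (not IBM's code and not part of the manual) of the matching rule for name-PCRE and of the three signature classes named in the unvalidated-xss-check Guidelines. The patterns, result labels and sample pairs are assumptions constructed for this example, and Python's re module stands in for PCRE.

```python
import re
from urllib.parse import unquote

# Assumed approximations of the three signature classes in the Guidelines;
# the appliance's real patterns are not given on this page.
ESCAPED = re.compile(r"%[0-9A-Fa-f]{2}|&#x?[0-9A-Fa-f]+;?|\\[xu][0-9A-Fa-f]{2,4}")
SCRIPT = re.compile(r"(?<![a-z])(?:java|vb)?script(?![a-z])", re.IGNORECASE)

def xss_signatures(value):
    """Return the signature classes that a submitted value triggers."""
    hits = []
    if ESCAPED.search(value):
        hits.append("escaped")
    if not value.isascii():            # any character with the high bit set
        hits.append("high-bit")
    # Also look at one percent-decoded layer, so %3Cscript%3E is still seen.
    if SCRIPT.search(value) or SCRIPT.search(unquote(value)):
        hits.append("script")
    return hits

# Constructed validation list: (name pattern, value pattern) pairs.
VALIDATION = [(re.compile(r"\Aid\Z"), re.compile(r"\A\d{1,10}\Z"))]

def check_pair(name, value, unvalidated_xss_check=True):
    """Classify one name-value pair; the result labels are hypothetical."""
    for name_re, value_re in VALIDATION:
        if name_re.search(name):
            # A listed name passes only if its value constraint also matches.
            return "pass" if value_re.search(value) else "policy"
    if unvalidated_xss_check and xss_signatures(value):
        return "xss"
    return "unvalidated"

# Constructed sample submissions.
SAMPLES = [("id", "42"), ("id", "42<b>"), ("comment", "nice description"),
           ("comment", "%3Cscript%3Ealert(1)%3C/script%3E"), ("note", "caf\u00e9")]

if __name__ == "__main__":
    for name, value in SAMPLES:
        print(name, repr(value), check_pair(name, value), xss_signatures(value))
```

The word "description" contains the letters of "script" but is not flagged, because the assumed pattern requires a non-letter on both sides of the term.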
Chapter 93. Web Application Name Value Profile configuration mode