Posted on 2006-08-24 21:37
rednight 阅读(432)
评论(0) 编辑 收藏 所属分类:
工作学习
一个项目中的URL中有HTML特殊符号,被SiteMinder阻止了,想了许多方法去改这个URL,没成功. 后来才想到修改SiteMinder的配置,反正是内部有限的几个人使用,没有必要留着跨站脚本的检验,于是问题得到解决.
下面是SiteMInder文档中的一段:
Disabling Cross-Site Scrpting Checks
In most cases, the Web Agent should block against cross-site scripting, However, if you have URLs that include HTML characters or your site already has an application that checks for croos-site scripting, you may want to disable this feature.
To disable the cross-site cripting:
Add the following parameter to the WebAgent.conf file:
csschecking = "No"
The default is YES.
For detailed information about cross-site scripting, refer to the following site:
http://www.cert.org/ and read CERT advisory CA-2000-02.