• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 854
  • Last Modified:

cross-site scripting coldfusion pci compliance

I need to adhere to some bullshit PCI compliance.    the app is written in Coldfusion.   from what I've found on the web I gotta somehow check an url parm to make sure it doesn't have any html in it.
please help!!
0
jonvanCR
Asked:
jonvanCR
1 Solution
 
jonvanCRAuthor Commented:
giving the scriptProtect option a try.   will let you know how it goes.
thanks for you quick response!!
0
 
ahoffmannCommented:
if you're talking about PCI-DSS 1.2 (6.6), then you have to use consecutive SCA or WAF, then you're compliant (nevertheless your code is vulnerable to XSS or not;-)

Anyway, if you want to be XSS-save, then check your input and reject anything which contains < or > or " or ' or =
If you input is feed to CSS or active scripting code (like JavaScript) more checks have to be done.
0
 
websauceCommented:
In CF7, adding scriptprotect alone does not help with PCI "cross-site scripting" compliance.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now