XSS Cross-site Scripting Application Firewall is not blocking correctly

Article ID: CTX237237

Description

A blob URI/URL created by JavaScript refers to data that the browser currently holds in memory (only for the current page); it does not refer to data that exists on the host.

For example, when looking at the network requests in the browser's developer tools, a request similar to the one below would be seen. It fetches data (the search data containing the cross-site scripting payload) that is currently in the browser's memory and runs it.

The tool saves the data in the browser's memory, sends the request to the back end, and also executes the blob URI, which reflects the input data.

Resolution

It would be beneficial to contact Citrix Customer Support to verify that the back-end server is configured as suggested above.

Problem Cause

The Application Firewall is working as expected; however, the back-end server is not listening to the response from the NetScaler Application Firewall.