Vendor scanners routinely complain about this href call, but such pattern-matching scanners lack the context of the other XSS mitigation protections put in place by GWT. It pops up at least yearly here. Use the tool properly and you'll be fine.
-- https://groups.google.com/forum/?fromgroups=#!searchin/google-web-toolkit/gwt$20security/google-web-toolkit/WKcB-pDtfgA/CX2-nuHcMr0J
https://groups.google.com/forum/?fromgroups=#!searchin/google-web-toolkit/gwt$20vulnerability/google-web-toolkit/7LrsBlQdDaw/E_PS2CdOGW8J
Sincerely,
Joe