Thanks Nick for your reply
I understand that the developer has to make sure that code is secured. But as you have mentioned module.nocache.js is a build artifact so how do we resolve/ address veracode issues identified in this file?
On Wed, Feb 19, 2020 at 1:35 AM Nick Wilton <nick@guided.net.au> wrote:
module.nocache.js is a build artifact, created with GWT. Like all web technologies it's up to the developer using GWT to ensure vulnerabilities like XSS are not introduced.
There's further information about avoiding the introduction of XSS vulnerabilities in GWT applications here:On 19 Feb 2020, at 06:33, kaveri <dusanekaveri@gmail.com> wrote:Veracode has reported 5 places with error - improper neutralization of script related hrml tags in web page(basic xss) in module.nocache.js at line number 4, 10, 9 and 13
Is there any fix to this issue or proper explanation to prove that code is secured
--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/49e6d69a-fc94-42e1-b70b-14a550044d03%40googlegroups.com.--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/6A9B52B4-7575-4EEB-88CC-C9FFD75D9C9D%40guided.net.au.
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/CA%2Bg1iwLU-UHuPBJS8POKNnxvrQZc0UcHQEErgZ%3DF1ZQ51n9j%2BA%40mail.gmail.com.
No comments:
Post a Comment