Home/ Questions/Q 5996317
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T00:05:09+00:00

A security firm surprise audited a web app I work on, and told me

  • 0

A security firm surprise audited a web app I work on, and told me that there are XSS vulnerabilities. I don’t really know where to begin.

This is the AJAX:

new Form.Observer('filter', 0.5, function(element, value) 
{
    startLoad('proposals');; 
    new Ajax.Updater('proposals', 'http://acme.example.dev/stuff/filter', 
        {
            asynchronous:true, evalScripts:true, onComplete:function(request)
                {
                }, parameters:value + '&authenticity_token=' + encodeURIComponent('base64StringHere')
        })
});
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It’s hard to say for sure how to track down the vulnerability, since it’s not clear what user input your page is displaying. Since you’re using RoR, the best place to start is probably the XSS section of the RoR security guide.

    You could also try running a scanner like skipfish. It will try to automatically detect XSS and other security vulnerabilities, and if it finds them it will give you some details and documentation to help fix the problem.

    • 0