Checkmarx Client_Reflected_File_Download security vulnerability

    Question

  • Hi, Checkmarx has detected a security vulnerability in the code: "Cross-domain 'jsonp' ajax call not XSS safe." The suggestion given is: "An explicit file name is not defined for the Content-Disposition header. Filename attribute is required in order to prevent the browser from assuming the resource is an executable and download a possibly malicious file."

    The code works fine but security tool has identified this.

    // jQuery UI autocomplete "source" callback body: request.term is the text
    // the user typed, response() hands the matches back to the widget.
    $.ajax({
     url: "https://www.example.com?format=rich&client=aem_frontend",
     dataType: "jsonp",
     // Pass the term as an object so jQuery URL-encodes it and appends it to
     // the query string correctly (the raw "&q=" + term string was not encoded).
     data: { q: request.term },
     success: function(data) {
      $('.searchPanel').css('display', 'none');
      if (data.results.length > 0) {
       response($.map(data.results, function(item) {
        return {
         label: item.name
        };
       }));
      } else {
       // No matches: hide the suggestion list and show the "no results" panel.
       $('.ui-autocomplete').css('display', 'none');
       $('.searchPanel').css('display', 'block');
       // $('#zero-result').removeClass("noDisplay").css('display','block');
       //$('#err_text').text("Whoops! We couldn’t find any matches for "+request.term);
      }
     },
     error: function(data) {
      alert("inside failure" + data.status + ' ' + data.statusText);
     }
    });
    Regards Vaibhav Kaulkar

    Saturday, 13 October 2018 10:54
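The Checkmarx finding quoted above (Reflected File Download via a cross-domain JSONP call) is fixed on the server that emits the JSONP, not in the `$.ajax` client. The following is an added example, not code from this thread or from Checkmarx, of a Node.js JSONP endpoint that validates the reflected callback name and sends the explicit `Content-Disposition` filename the tool asks for; the endpoint layout, the payload shape and the filename `search.js` are assumptions.

```javascript
// Added example, not code from the thread: the server side of a JSONP endpoint,
// hardened against the Reflected File Download finding Checkmarx reports.
// Endpoint layout, payload shape and the filename "search.js" are assumptions.
const CALLBACK_RE = /^[A-Za-z_$][A-Za-z0-9_$]*$/;

// Build the JSONP response for a callback name and a JSON payload.
// Returns { status, headers, body } so it can be checked without a server.
function buildJsonpResponse(callback, payload) {
  // Only a plain JS identifier may be reflected; jQuery's generated names
  // (jQuery331..._1539...) pass, anything with quotes, spaces or ";" does not.
  if (typeof callback !== 'string' || !CALLBACK_RE.test(callback)) {
    return {
      status: 400,
      headers: { 'Content-Type': 'application/json; charset=utf-8',
                 'X-Content-Type-Options': 'nosniff' },
      body: JSON.stringify({ error: 'invalid callback' }),
    };
  }
  // U+2028/U+2029 are valid in JSON but line terminators in older JS engines.
  const json = JSON.stringify(payload)
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return {
    status: 200,
    headers: {
      // Script MIME type; <script src> loading ignores Content-Disposition,
      // so the existing $.ajax({dataType: "jsonp"}) client keeps working.
      'Content-Type': 'application/javascript; charset=utf-8',
      // The explicit filename Checkmarx asks for: a direct navigation to
      // this URL downloads "search.js", not a name taken from the URL.
      'Content-Disposition': 'attachment; filename="search.js"',
      // No MIME sniffing, so the body is never interpreted as HTML.
      'X-Content-Type-Options': 'nosniff',
    },
    // A leading comment keeps the first bytes of the body out of the
    // caller's control.
    body: '/**/' + callback + '(' + json + ');',
  };
}

// Node http request handler (assumed endpoint); lookup(term) returns the
// matches as an array of { name } objects. The server is not started here.
function handleSearch(req, res, lookup) {
  const url = new URL(req.url, 'http://localhost');
  const out = buildJsonpResponse(url.searchParams.get('callback'),
                                 { results: lookup(url.searchParams.get('q')) });
  res.writeHead(out.status, out.headers);
  res.end(out.body);
}
```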

All Replies

  • Hi VaibhavKaulkar,

    Thank you for posting here.

    Since your question is more related to ajax, you could post a new thread in StackOverFlow.

    https://stackoverflow.com/questions/tagged/ajax

    The CLR Forum discusses and asks questions about .NET Framework Base Classes (BCL) such as Collections, I/O, Registry, Globalization, Reflection. Also discuss all the other Microsoft libraries that are built on or extend the .NET Framework, including Managed Extensibility Framework (MEF), Charting Controls, CardSpace, Windows Identity Foundation (WIF), Point of Sale (POS), Transactions.

    Best Regards,

    Wendy


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, 15 October 2018 07:31