Actions by GeneXus

  • GeneXus validates attribute and variable types and lengths.
  • It lets the developer specify regular expressions to validate custom entries.
  • GeneXus encodes every data entry on the generated Web Pages according to the context in which it is emitted (JavaScript, JSON, etc.).

Actions by Developers

  • Validate rich-text entries (such as HTML). Whitelisting is advised.
  • If a User Control or custom HTML code is used, the developer must sanitize the user's entries properly.
    • Security Scanner helps detect this scenario with case codes #101, #109, #117, #118, #121 and #124.
  • The use of the OWASP XSS Prevention Cheat Sheet is advised.
  • Set the browser Content Security Policy properly.
  • Set session cookies as HttpOnly.
    • Security Scanner helps detect this scenario with case code #124.
  • Security Scanner detections:
    • HTML Format (#101), HttpResponse data type usage (#109), Form.HeaderRawHtml (#117), Form.JScriptSrc property (#118), External Object usage (#120), User Control usage (#121), JSEvent usage (#130).
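The whitelisting recommended above for rich-text (HTML) entries, shown as an added example that is not GeneXus code: a small allow-list sanitizer built on Python's standard HTML tokenizer. Tag, attribute and URL-scheme allow-lists, the constructed sample input and the `sanitize_html` name are assumptions chosen for this illustration.

```python
# Added example (not GeneXus code): allow-list HTML sanitizer for rich-text input, stdlib only.
# Anything not explicitly allowed (tags, attributes, URL schemes, comments, <script>/<style>
# bodies) is dropped; surviving text and attribute values are re-encoded on output.
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "a"}
SAFE_SCHEMES = {"http", "https", "mailto"}  # absolute URLs only; never javascript:/data:
RAW_TEXT_TAGS = {"script", "style"}         # their bodies are discarded wholesale


class AllowListSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)  # entities arrive decoded; re-escaped below
        self.out, self.open, self.skipping = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag in RAW_TEXT_TAGS:
            self.skipping = True
        elif not self.skipping and tag in ALLOWED_TAGS:  # other tags dropped, text kept
            kept = ""
            for name, value in attrs:  # href on <a> is the only attribute that survives
                if tag == "a" and name == "href" and value:
                    value = "".join(value.split())  # browsers ignore tabs/newlines in a scheme
                    if urlparse(value).scheme.lower() in SAFE_SCHEMES:  # relative URLs rejected
                        kept = f' href="{escape(value, quote=True)}"'
            self.out.append(f"<{tag}{kept}>")
            if tag != "br":
                self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in RAW_TEXT_TAGS:
            self.skipping = False
        elif not self.skipping and tag in self.open:
            while (closed := self.open.pop()) != tag:  # close inner tags left open first
                self.out.append(f"</{closed}>")
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skipping:
            self.out.append(escape(data, quote=False))


def sanitize_html(untrusted):
    p = AllowListSanitizer()
    p.feed(untrusted)
    p.close()  # flush buffered text; then close tags the input left open
    return "".join(p.out) + "".join(f"</{t}>" for t in reversed(p.open))


# Constructed sample input: typical XSS probes mixed with legitimate markup.
SAMPLE = ('<p onclick="steal()">Hi <b>there</b><script>alert(1)</script><a href="javascript:'
          'alert(1)">x</a> <a href="https://example.com/">ok</a><img src=x onerror=alert(1)>&lt;i&gt;</p>')
```

Because output is rebuilt from parsed tokens rather than by deleting substrings, split-tag tricks and encoded entities come out as escaped text instead of markup.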

Last update: February 2024 | © GeneXus. All rights reserved. GeneXus Powered by Globant