Can't use form validation with our security appliance
Last Post 02-01-2013 06:15 AM by Julie Ellsworth. 2 Replies.
Julie Ellsworth
Posts: 42

--
01-30-2013 09:05 AM

    We run our website behind the Barracuda security appliance which checks for XSS and SQL injection attacks. The way your code is written for form validation (i.e., checking the box to make a field a required field) causes Barracuda to think there is a Cross Site Scripting attack occurring whenever a user fails to fill out a required field, gets the validation error message, then tries to correct the field and re-submit the form. Here is the specific error from the Barracuda logs:

    Action DENY

    Follow Up Action None

    Severity Alert

    URL healthandwelfare.idaho.gov/Health/Immunizations/HealthcareProvidersImmunizationInfo/IRISDeletion/tabid/1402/Default.aspx

    Method POST

    Attack Cross-Site Scripting in Parameter

    Detail type="cross-site-scripting" pattern="script-in-tag-attribute" token="javascript\: (document.location = '#dftoppage');" Parameter="dnn$ctr6821$DynamicForms$DataSprings_Onload2" value="javascript\: (docume"

    Rule Type Global

    Rule security-policy

    Protocol HTTPS

    Session ID

    User Agent Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)

    Proxy IP 10.10.156.38

    Proxy Port 62245

     

    Chad Nash
    Posts: 5260

    --
    01-30-2013 12:33 PM
    Hi Julie,

    Does this specific application report this if you disable Client Side Validation and enable only server side validation? These are really just ASP.NET validation controls so I am really not sure I would know specifically how to avoid this or what setting within the ASP.NET validation is triggering this check/issue.

    Thanks,

    Chad
    Julie Ellsworth
    Posts: 42

    --
    02-01-2013 06:15 AM
    Hi Chad -
    Looks like it was the javascript used to send the user to the top of the page after invalid validation: "javascript\: (document.location = '#dftoppage');" that was causing the problem. I went in to the validation configuration settings and set that to "none" which fixed the problem. I am not sure why that code looks like an XSS attack, but all seems to be working now.
    Thanks!
    Julie
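
Added example (not part of the thread, and not Barracuda or Data Springs code): a Python sketch that parses the `Detail` field from the log in the first post and shows why a form field that posts back the module's own scroll-to-top script is flagged like injected script. The `SCRIPT_URI` regex is an assumed stand-in for the appliance's "script-in-tag-attribute" signature, and `triage` with its field allowlist is a hypothetical helper.

```python
import re

# Detail field copied from the Barracuda log quoted in the first post.
DETAIL = r'''type="cross-site-scripting" pattern="script-in-tag-attribute" token="javascript\: (document.location = '#dftoppage');" Parameter="dnn$ctr6821$DynamicForms$DataSprings_Onload2" value="javascript\: (docume"'''

# key="value" pairs; a value may contain backslash-escaped characters.
PAIR = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

def parse_detail(detail):
    """Return the pairs as a dict: keys lowercased, backslash escapes undone."""
    return {k.lower(): re.sub(r'\\(.)', r'\1', v) for k, v in PAIR.findall(detail)}

# ASSUMPTION: simplified stand-in for the appliance signature, not its real
# rule. It fires on any parameter value that begins with a javascript: URI.
SCRIPT_URI = re.compile(r'^\s*javascript\s*:', re.IGNORECASE)

def looks_like_script_uri(value):
    return bool(SCRIPT_URI.match(value))

def triage(detail, app_fields):
    """Summarise one alert for false-positive review.

    app_fields is a hypothetical allowlist of field names that the
    application itself writes into the form (not typed by the visitor).
    """
    d = parse_detail(detail)
    field = d["parameter"].rsplit("$", 1)[-1]  # drop DNN control-id prefix
    return {
        "parameter": d["parameter"],
        "field": field,
        "token": d["token"],
        "matches_signature": looks_like_script_uri(d["token"]),
        "app_generated_field": field in app_fields,
    }

if __name__ == "__main__":
    for key, val in triage(DETAIL, {"DataSprings_Onload2"}).items():
        print(f"{key}: {val}")
```

The appliance sees only the POST body, so it cannot tell a script string the module placed in its own field from one an attacker submitted; the match is on content, which is why changing the setting so that no `javascript:` value is posted cleared the alert.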