I'm working on a program, but Veracode is detecting that part of my code is vulnerable to XSS (CWE-80).
Here is the snippet that is being flagged:
ltLinkDoc.Text =
    "<script>$(window).bind(\"load\", function(){ setTimeout(function() { " +
    safeScript +
    " }, 100); });</script>";
Does anyone know why this part of the code is vulnerable, and how I can secure it?
Here is my full code:
Session.Remove("linkdoc");

// Each value is JavaScript-string-encoded before it is placed inside a JS string literal.
var strWebDavJs = HttpUtility.JavaScriptStringEncode(strWebDav);
var generateLinkDialogJs = HttpUtility.JavaScriptStringEncode(
    (_settingPageInPopup != null
        ? _settingPageInPopup.GenerateLinkDialog
        : true
    ).ToString());
var isShowSuccussfulOrFailedJs = HttpUtility.JavaScriptStringEncode(
    IsShowSuccussfulOrFailed);
var isDocOrDestCheckedJs = HttpUtility.JavaScriptStringEncode(
    rdoDocumentInfile.Checked || IsDestinationFileChecked() ? "true" : "");

// Build the function call that will run inside the inline <script> block.
var safeScript = string.Format(
    "CloseAndSendLinkToParent(\"{0}\", \"{1}\", \"{2}\", \"{3}\");",
    strWebDavJs,
    generateLinkDialogJs,
    isShowSuccussfulOrFailedJs,
    isDocOrDestCheckedJs);

// This is the assignment Veracode flags: the values end up inside a <script> element.
ltLinkDoc.Text =
    "<script>$(window).bind(\"load\", function(){ setTimeout(function() { " +
    safeScript +
    " }, 100); });</script>";
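As an added example that is not part of the question, the following shows one way to restructure this so that no request-derived value is concatenated into an inline script at all: the four values are encoded for the HTML attribute context into data-* attributes on a hidden placeholder element, and the script (now fully static) reads them from the DOM before calling CloseAndSendLinkToParent. The class name LinkDocMarkup, the method BuildLinkDocMarkup and the element id linkdoc-args are assumptions introduced for the example.

```csharp
using System;
using System.Web;

public static class LinkDocMarkup
{
    // Assumed helper (not from the question): returns the markup to assign to ltLinkDoc.Text.
    // Every dynamic value lands in a double-quoted HTML attribute, where
    // HttpUtility.HtmlAttributeEncode is the encoder that matches the context.
    // The <script> element below contains no server-side data, so a static analyzer
    // no longer sees tainted text flowing into a script sink.
    public static string BuildLinkDocMarkup(
        string webDav, bool generateLinkDialog, string showSuccessfulOrFailed, bool docOrDestChecked)
    {
        string Attr(string s) => HttpUtility.HtmlAttributeEncode(s ?? string.Empty);

        return
            "<span id=\"linkdoc-args\" style=\"display:none\""
            // Same values the original passed as string arguments ("True"/"False", "true"/"").
            + " data-webdav=\"" + Attr(webDav) + "\""
            + " data-generate-link-dialog=\"" + Attr(generateLinkDialog.ToString()) + "\""
            + " data-show-result=\"" + Attr(showSuccessfulOrFailed) + "\""
            + " data-doc-or-dest-checked=\"" + (docOrDestChecked ? "true" : "") + "\""
            + "></span>"
            // Static script: nothing here is interpolated from user-influenced input.
            // dataset maps data-generate-link-dialog to generateLinkDialog, etc.
            + "<script>$(window).bind(\"load\", function(){ setTimeout(function() {"
            + " var a = document.getElementById(\"linkdoc-args\").dataset;"
            + " CloseAndSendLinkToParent(a.webdav, a.generateLinkDialog, a.showResult, a.docOrDestChecked);"
            + " }, 100); });</script>";
    }
}
```

In the page code this replaces the string.Format and the ltLinkDoc.Text concatenation with a single call, for example ltLinkDoc.Text = LinkDocMarkup.BuildLinkDocMarkup(strWebDav, generateLinkDialog, IsShowSuccussfulOrFailed, rdoDocumentInfile.Checked || IsDestinationFileChecked()).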