Server Error - Possible Cross Site Scripting
403 - SiteMinder - An application was blocked.
An illegal or dangerous character was used so the application was blocked.
Please notify your application development team or helpdesk
What Happened:
A Bad CSS Character was encoutered
Action Taken:
Cross Site Scripting possibility has been blocked.
Description:
A Cross Site Scripting (CSS) attack can occur when the input text from the browser (typically, data from a post or data from query parameters on a URL) is displayed by an application without being filtered for characters that may form a valid, executable script when displayed at the browser.
When this security feature is enabled, the Web Agent scans a full URL, including the query string, for escaped and unescaped versions of the restricted character set.
Technical Information:
SiteMinder Web Agent Details:
If the Web Agent detects a problem related to the character set, it returns an Access Denied message to the user(this message), and logs the following message in the Agent error log:
Caught Possible Cross Site Scripting Violation in URL. Exiting with HTTP 403 ACCESS FORBIDDEN.
Illegal character used is one of... < > "
BadCSSChars
CSSChecking
Resolution:
The URL and query string being used cannot contain escaped or unescaped versions of characters in the restricted character set.
Additional Information:
Allowing these characters in a URL or Query string poses a known security risk.
Notes from Computer Associates on the Security risk:
Click here
Notes from Microsoft about Cross Site Scripting:
Click here