Forum Newbie
Group: Forum Members
Hi,
I am using the dataURL method to supply the XML required by FusionCharts. My URL contains parameters that I need in order to create the XML, and one of these refers to a physical file location and has the full path - C:\myprojects\test.txt. Because of the colon present in the URL, I see the following error -
A colon character was found in dataURL, which can be potentially dangerous as it allows XSS attacks. Re-setting dataURL to Data.xml. If you're using absolute URLs (like http://domain.com/...) to provide dataURL, please convert it to relative path for increased security.
Is there a way to work around this?
Thanks.
Supreme Being
Group: Moderators
Hi, You cannot use an absolute path for XML. You need to provide a relative path.
Regards,
Sudipto Choudhury
FusionCharts Team
Forum Newbie
Group: Forum Members
Hi,
My URL to the XML content is relative. I am using a parameter in the URL that refers to an absolute path. This is there just to help me generate the XML content. Why should this be disallowed? My URL is of the form -
/viewer/extract?__extractextension=flashchartsxml&__instanceid=%2F0.14&__document=D%3A%5CFusionCharts_Project%5Cruntime-3_25%5Ctest.text&__locale=en_US&__bookmark=%23
I am encoding this URL using escape(url) before setting the dataURL.
Thanks.
FusionCharts Team
Group: Administrators
If there are any colons in your dataURL, we disallow it to prevent XSS attacks.
Thanks,
Pallav Nadhani
FusionCharts Team
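An added example, not part of the original thread and not FusionCharts code: it models the colon check as "decode the value once, then refuse any colon" (an assumption about how the check behaves) to show why the percent-encoded path in the URL above still contains a colon, and builds a dataURL that carries a server-side document key instead of the file path. The key `test-report`, the `DOCUMENTS` table and all function names are hypothetical.

```javascript
// Constructed sample: the relative URL quoted in the thread.
const THREAD_URL =
  "/viewer/extract?__extractextension=flashchartsxml&__instanceid=%2F0.14" +
  "&__document=D%3A%5CFusionCharts_Project%5Cruntime-3_25%5Ctest.text" +
  "&__locale=en_US&__bookmark=%23";

// Assumed model of the check: percent-decode once, then reject any colon.
// A colon anywhere (scheme, host:port, drive letter in a parameter) fails.
function passesColonCheck(dataURL) {
  let decoded;
  try {
    decoded = decodeURIComponent(dataURL);
  } catch (e) {
    return false; // malformed percent-encoding is refused as well
  }
  return !decoded.includes(":");
}

// Hypothetical server-side allow-list: the client sends only the key,
// the server alone knows (and chooses) the file path.
const DOCUMENTS = new Map([
  ["test-report", "D:\\FusionCharts_Project\\runtime-3_25\\test.text"],
]);

// Build the relative dataURL with a document key in place of the path.
function buildDataURL(documentKey) {
  if (!DOCUMENTS.has(documentKey)) throw new Error("unknown document key");
  const params = new URLSearchParams({
    __extractextension: "flashchartsxml",
    __instanceid: "/0.14",
    __document: documentKey,
    __locale: "en_US",
    __bookmark: "#",
  });
  return "/viewer/extract?" + params.toString();
}

// Server side: map the key back to a path; anything not listed yields null.
function resolveDocument(dataURL) {
  const query = dataURL.split("?")[1] || "";
  const key = new URLSearchParams(query).get("__document");
  return DOCUMENTS.has(key) ? DOCUMENTS.get(key) : null;
}
```

Because the server resolves the key against a fixed table, the request can no longer name an arbitrary file on the server's disk.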