Click here to Skip to main content
15,886,199 members
Search within:


How to prevent Cross Site History Manipulation
Please Sign up or sign in to vote.
0.00/5 (No votes)
Hi, All.

We are currently using Checkmarx to scan our code. One of the findings is Cross Site History Manipulation.

According to my research the cause of this finding is the Response.Redirect. I tried to used javascript in redirecting my page instead and it worked. But the problem now is that whenever i call window.location.href="/KB/answers/mypage.aspx" it still continues the postback before redirecting. So it shows the login page(first page) for a second or two before redirecting to my home page.

I need some help on how to fix that. Or if you have any other way to redirect a page without using response.redirect will do. Thank you very much.
Posted
Add a Solution
Comments
F-ES Sitecore 29-Aug-15 6:31am    
I googled "cross site history manipulation" and the very first result was a PDF that contains a description on how to prevent this.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
How to prevent cross site history manipulation vulnerability in ASP.NET web forms?
Preventing cross site scripting
How to prevent Cross Site Scripting Attack ?
cross site scripting
Cross Site Request Forgery prevention (server site)
What are the different ways to prevent cross site scripting in SharePoint 2013 sites?
How to prevent web page from cross site Scripting
Vulnerability: Cross Site Request Forgery
Prevent History Creation
Develop CSRF(cross site request forgery) purifier

Advertise
Privacy
Cookies
Terms of Use
Last Updated 29 Aug 2015
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web03 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900