(default) Cross-Site Scripting (XSS) in Path
Deny Rule Group – (default) Cross-Site Scripting (XSS) in Path

XSS_PATH

  • The group contains XSS deny rules for HTTP paths.
  • The security level Basic prevents injection of <script> and known HTML event handlers (e.g. "onload").
  • The security level Standard prevents injection of JavaScript code in quoted context.
  • The security level Strict prevents injection of JavaScript code in unquoted context.

Included Deny Rules

| Rule name | Basic | Standard | Strict |
|---|---|---|---|
| (default XSS_001c) Source attribute of critical HTML tag in path | ON | ON | ON |
| (default XSS_005c) HTML script tag in path | ON | ON | ON |
| (default XSS_040c) HTML event handler in path | ON | ON | ON |