Hi,
In the default Security Login form, in case if the user inputs a script tag in password field, the server reverts back this input string in the response.
For e.g. if anglebracket script src=abc.js anglebracket is added in the password field, the page response includes the following:
span id=“id_read_on_pswd” class=“sc-ui-readonly-pswd css_pswd_line” style="display: none; anglebracket script src=x7slkgcc.jsanglebracket
How to prevent that? My customer has run a security scan on the application deployed and there are several observations related to login page.
Any help appreciated…