Folks,
We have a web application that uses _javascript_ to add a parameter and a value to a URL before sending it to Apache server version 1.3.31. In some cases, the value contains the less than (<) or greater than (>) characters so we use the _javascript_ escape function to convert the characters before sending. So for a value such as ‘<<<’, the URL looks like this: http://localhost/ourapp/index.htm?value=%3C%3C%3C.
This causes Apache to return a 403 Access Forbidden error and says: ‘Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden. This web site does not allow Urls which might include embedded HTML tags’.
Is there a way to disable this security check or otherwise configure the server to permit this type of URL?
Thanks in advance for any help,
Marc
|