Sign in to follow this  
amansukhani

Problem using : using dataURL method

Recommended Posts

Hi,

 

 

 

I am using dataURL method to supply XML required by fusion charts. My URL contains parameters that I need in order to create the XML and one of these refers to a physical file location and has the full path - C:myprojectstest.txt. Because of this colon present in the URL I see the following error -

 

 

 

A colon character was found in dataURL, which can be potentially dangerous as it allows XSS attacks. Re-setting dataURL to Data.xml. If you're using absolute URLs (like http://domain.com/...) to provide dataURL, please convert it to relative path for increased security.

 

 

 

Is there a way to work around this?

 

 

 

Thanks.

Share this post


Link to post
Share on other sites

Hi,

 

 

 

My URL to the XML content is relative. I am using a parameter in the URL that refers to an absolute path. This is there just to help me generate the XML content. Why should this be disallowed? My URL is of the form -

 

 

 

/viewer/extract?__extractextension=flashchartsxml&__instanceid=%2F0.14&__document=D%3A%5CFusionCharts_Project%5Cruntime-3_25%5Ctest.text&__locale=en_US&__bookmark=%23

 

 

 

I am encoding this URL using escape(url) before setting the dataurl

 

 

 

Thanks.

Edited by Guest

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this