For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

totengraber_937's avatar
totengraber_937
Icon for Nimbostratus rankNimbostratus
Dec 13, 2007

Help Replacing characters in URI(URL?)

Okay, I've tried to do this on my own, but have gotten no where.     It has been discovered that our web application is vulnerable to Cross-Site Scripting based on tests from ScanAlert.   ...
application delivery
dev
devops
iRules
Joe_Pruitt's avatar
Joe_Pruitt
Dec 13, 2007
What do you mean by "HTML equivalent"? Do you mean HTTP encoded, or HTML encoded. The two are different.

URL encoding: "<" -> "%3c"

HTML Encoding: "<" -> "& lt;"

If it is the URL encoding you want, you can easily do so with the URI::encode iRule command

when HTTP_REQUEST {
  HTTP::uri [URI::encode [HTTP::uri]]
}

This will turn "/foobar(foo)" into "%2ffoo%3cbar%3ebar(foo)"

If you want to do HTML encoding, then you'll have to do a manual string map of what you want to convert.

when HTTP_REQUEST {
  HTTP::uri [string map { "<" "<" ">" ">" } [HTTP::uri]]
}

This will convert "/foobar(foo)" into "/foobar(foo)"

As far as I know there is not a URI or HTML encoded value for parenthesis but you can extend the last iRule above to whatever translation you want.

Hope this helps...

-Joe