Forum Discussion

Nimbostratus

Sep 16, 2014

How to securely present user supplied data in HTTP::respond NNN content

When i write iRules, I often use something like HTTP::respond 403 content "Error: variable $somevar not in datagroup" My concern here is, $somevar is userdefined data - often a part of HTTP::pa...

Employee

Sep 16, 2014

I'd perhaps suggest two things:

Set the HTTPOnly flag on all cookies. It's of course not a 100% solution, but it would prevent most script-based access to cookies.

As WLB suggests, simply URI::encode the output value:

HTTP::respond 403 content "Error: variable [URI::encode $somevar] not in datagroup"

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

How to securely present user supplied data in HTTP::respond NNN content

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

Post-Quantum Cryptography, OpenSSH, & s1ngularity supply chain attack

Quarterly Security Notification October 2025

AI Security - OWASP LLM Top 10 2025 and LLM06/02 Supply Chain Attack

GitLab Vulnerability, Secure by Design Pledge, & Near Miss Supply Chain Attack

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS