priyanka85 0 Newbie Poster

I have an input field which shows as vulnerable in a security scan using this XSS attack:

    STYLE="xss:e/**/xpression(try{a=firstTime}catch(e){firstTime=1;alert(969)});"

Could you please suggest how we can prevent a vulnerability like this?

Field:

    <input id="{ControlItemUniqueID}Data" style="width:150px" name="{ControlItemUniqueName}"
           type="hidden" {MaxLength}{IsEnabled} {IsReadOnly} class="datatext {CssClass}" value="{Data}"
           onkeypress="sanitizeEmployeeDateData()" onmouseover="sanitizeEmployeeDateData()" onblur="sanitizeEmployeeDateData()">
    <script>
    function sanitizeEmployeeDateData()
    {
        var EmployeeDate = document.getElementById('LIC1_EmployeeDateData');
        if (EmployeeDate != null) {
            // Build today's date as MM/DD/YYYY with zero-padded month and day.
            var date = new Date();
            var d = date.getDate();
            var day = (d < 10) ? '0' + d : d;
            var m = date.getMonth() + 1;
            var month = (m < 10) ? '0' + m : m;
            var yy = date.getYear();                 // getYear() may return years since 1900
            var year = (yy < 1000) ? yy + 1900 : yy;
            EmployeeDate.value = month + "/" + day + "/" + year;
            var selectedDate = EmployeeDate.value;
            // Strip everything except digits and slashes from the field's value.
            EmployeeDate.value = EmployeeDate.value.replace(/[^0-9\/]+/g, "");
        }
    }
    </script>

Hack by Security APP

    <input id="LIC1_EmployeeDateOrigData" name="LIC1:EmployeeDateOrigData" type="hidden"
           value="" STYLE="xss:e/**/xpression(try{a=firstTime}catch(e){firstTime=1;alert(969)});" >
    <input id="LIC1_EmployeeDateData" style="width:150px" name="LIC1:EmployeeDate"
           type="hidden" class="datatext HiddenItem EmployeeDate " value=""
           STYLE="xss:e/**/xpression(try{a=firstTime}catch(e){firstTime=1;alert(969)});"
           onkeypress="sanitizeEmployeeDateData()" onmouseover="sanitizeEmployeeDateData()"
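The scanner output above shows the payload landing as a separate STYLE attribute, which means the submitted value closed the `value=""` quote when the template echoed `{Data}` back; an `onkeypress` handler in the browser never runs for a request the scanner sends directly. The example below is added here and is not the poster's code: it shows the two server-side layers that close this, HTML attribute encoding of every echoed value and a strict MM/DD/YYYY allow-list, written in JavaScript with hypothetical function names and a constructed copy of the scanner's payload.

```javascript
// Added example, not from the original post. Assumes the field is rendered
// server-side; renderEmployeeDateField stands in for the template that
// fills {Data}, and the names below are hypothetical.

// Encode a string for use inside a double-quoted HTML attribute value.
// Every character that could end the quote or start a new attribute
// (& < > " ' ` = /) becomes a numeric character reference.
function encodeForHtmlAttribute(s) {
  return String(s).replace(/[&<>"'`=\/]/g, (ch) =>
    '&#x' + ch.charCodeAt(0).toString(16).toUpperCase() + ';');
}

// Strict allow-list: exactly MM/DD/YYYY and a real calendar date.
// Anything else (including any script or attribute text) is rejected.
function isValidEmployeeDate(s) {
  const m = /^(\d{2})\/(\d{2})\/(\d{4})$/.exec(s);
  if (!m) return false;
  const [, mm, dd, yyyy] = m.map(Number);
  const d = new Date(yyyy, mm - 1, dd);
  return d.getFullYear() === yyyy && d.getMonth() === mm - 1 && d.getDate() === dd;
}

// Render the hidden field with the value validated and encoded. An invalid
// value is dropped instead of being echoed back into the page.
function renderEmployeeDateField(id, name, data) {
  const safeValue = isValidEmployeeDate(data) ? encodeForHtmlAttribute(data) : '';
  return `<input id="${encodeForHtmlAttribute(id)}" type="hidden" ` +
         `name="${encodeForHtmlAttribute(name)}" value="${safeValue}">`;
}

// Count attributes in a rendered tag; a successful injection would add one.
function attributeCount(html) {
  return (html.match(/\s[A-Za-z-]+=/g) || []).length;
}

// Constructed sample: the scanner's payload as it would arrive in the
// request parameter, trying to close value="" and add a STYLE attribute.
const scannerPayload =
  '" STYLE="xss:e/**/xpression(try{a=firstTime}catch(e){firstTime=1;alert(969)});';

console.log(renderEmployeeDateField('LIC1_EmployeeDateData', 'LIC1:EmployeeDate', scannerPayload));
console.log(renderEmployeeDateField('LIC1_EmployeeDateData', 'LIC1:EmployeeDate', '01/15/2024'));
```

The encoding step alone already keeps the payload inside the attribute; the date allow-list is the belt to that suspender, since this field never legitimately holds anything but a date.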