E1: JAS: Browser Cross-Site Scripting Filter Vulnerability (Doc ID 2710426.1)

Last updated on SEPTEMBER 14, 2020

Applies to:

JD Edwards EnterpriseOne Tools - Version 9.2 and later
Information in this document applies to any platform.

Symptoms

The following behavior is seen when using E1 via a web browser:

No X-XSS-Protection header was set in the response. Without it, the browser uses its default behavior, in which detection of a cross-site scripting attack never prevents rendering.

It is considered better practice to instruct the browser's XSS filter to never render the web page if an XSS attack is detected.

The following header should be set:

X-XSS-Protection: 1; mode=block
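
As an added example (not part of the Oracle note), the following Python script classifies the X-XSS-Protection setting found in a captured HTTP response against the value recommended above. The function names and the sample responses are constructed for illustration, and reporting repeated headers as "duplicate" is this example's own choice.

```python
# Added example: classify the X-XSS-Protection setting in a captured response.
# All sample responses below are constructed for illustration.

def header_values(raw_response, name):
    """Collect every value of header `name` from the header block only."""
    values = []
    for line in raw_response.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the headers; ignore the body
        key, sep, val = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            values.append(val.strip())
    return values

def parse_xss_protection(value):
    """Split '1; mode=block' into (enabled, directives); (None, {}) if malformed."""
    parts = [p.strip().lower() for p in value.split(";") if p.strip()]
    if not parts or parts[0] not in ("0", "1"):
        return None, {}
    directives = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        directives[key.strip()] = val.strip()
    return parts[0] == "1", directives

def audit(raw_response):
    """Return missing, duplicate, invalid, disabled, filter-only or block."""
    values = header_values(raw_response, "X-XSS-Protection")
    if not values:
        return "missing"
    if len(values) > 1:
        return "duplicate"  # this example's own policy: flag repeats for review
    enabled, directives = parse_xss_protection(values[0])
    if enabled is None:
        return "invalid"
    if not enabled:
        return "disabled"
    return "block" if directives.get("mode") == "block" else "filter-only"

SAMPLES = {  # constructed responses
    "as reported": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                   "X-XSS-Protection: 1; mode=block",  # body text, not a header
    "recommended": "HTTP/1.1 200 OK\r\nx-xss-protection: 1;mode=block\r\n\r\n",
    "filter only": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 1\r\n\r\n",
    "disabled": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 0\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label}: {audit(raw)}")
```

Only a result of "block" matches the header recommended in this note; "missing" corresponds to the symptom described above.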

 

Changes

Cause
