Hi, Checkmarx has detected a security vulnerability in the code: Cross-domain 'jsonp' ajax call not XSS safe. The suggestion given is: "An explicit file name is not defined for the Content-Disposition header. Filename attribute is required in order to prevent the browser from assuming the resource is an executable and download a possibly malicious file."
The code works fine, but the security tool has identified this.

    $.ajax({
        url: "https://www.example.com?format=rich&client=aem_frontend",
        dataType: "jsonp",
        data: "&q=" + request.term,
        success: function (data) {
            $('.searchPanel').css('display', 'none');
            if (data.results.length > 0) {
                response($.map(data.results, function (item) {
                    return {
                        label: item.name
                    };
                }));
            } else {
                $('.ui-autocomplete ').css('display', 'none');
                $('.searchPanel').css('display', 'block');
                $('.searchPanel').css('display', 'block');
                // $('#zero-result').removeClass("noDisplay").css('display','block');
                // $('#err_text').text("Whoops! We couldn’t find any matches for "+request.term);
            }
        },
        error: function (data) {
            alert("inside failure" + data.status + ' ' + data.statusText);
        }
    });

Regards, Vaibhav Kaulkar
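
The Checkmarx suggestion quoted in the question is about the HTTP response that the JSONP endpoint returns, not about the `$.ajax` call itself. The following is an added example, not part of the original post, of how a JSONP endpoint could build that response with an explicit `filename` in `Content-Disposition`. It assumes the endpoint is under your control; `buildJsonpResponse`, `toScriptSafeJson`, `CALLBACK_RE` and the sample data are hypothetical names constructed for illustration.

```javascript
// Added example: building a JSONP response that carries an explicit filename
// and a validated callback. All names here are hypothetical.

// Accept only plain (optionally dotted) identifiers as callback names,
// which covers the names jQuery generates for dataType "jsonp".
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;

// JSON.stringify leaves "<", U+2028 and U+2029 unescaped; escape them so the
// payload stays inert when the response is evaluated as script.
function toScriptSafeJson(value) {
  return JSON.stringify(value)
    .replace(/</g, "\\u003c")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

// Returns { status, headers, body } for a JSONP request. No network I/O, so
// it can be plugged into any HTTP framework's response object.
function buildJsonpResponse(callback, payload) {
  const nosniff = { "X-Content-Type-Options": "nosniff" };
  if (typeof callback !== "string" || callback.length > 64 ||
      !CALLBACK_RE.test(callback)) {
    return {
      status: 400,
      headers: { "Content-Type": "text/plain; charset=utf-8", ...nosniff },
      body: "invalid callback",
    };
  }
  return {
    status: 200,
    headers: {
      "Content-Type": "application/javascript; charset=utf-8",
      // Explicit filename: a direct download is saved as harmless text.
      "Content-Disposition": 'attachment; filename="f.txt"',
      ...nosniff,
    },
    // Leading comment keeps caller-supplied text from starting the body.
    body: "/**/" + callback + "(" + toScriptSafeJson(payload) + ");",
  };
}

// Constructed sample input, shaped like the response the question's code reads.
const sample = buildJsonpResponse("cb", { results: [{ name: "demo" }] });
console.log(sample.headers["Content-Disposition"], sample.body);
```

A `<script>`-initiated JSONP load still executes this response, because the `Content-Disposition` header only affects what happens when the URL is navigated to or downloaded directly.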