Forum Discussion
Mr Shaggy,
From what you are describing it looks like you have accepted "alert()" as a parameter in your policy? this means you have whitelisted it - this could be an issue you are experiencing... Please check if it is there by mistake.
Also:
A) Please check your staging from the Enforcement-Readiness Summary (used to be called Staging-Tighenting SUmmary in older versions) - Make sure your URLS/parameters are enforced.
B) Make sure that XSS Signatre set is assigned to the policy and is in Blocking mode C) Navigate to a URL which should be blocked, but not blocking: e.g. /myurl/somefile.php?name=alert('xss')
Find this URL in your event log and inspect it for any raised violations - this should give a clue why it is not blocking.
Hope this helps, Sam