How to Prevent Malicious content submission using OSGI adaptive form (Prevent posting spam or malicious using OSGI Adaptive Form)
Level 5
May 22, 2024
Question

How to Prevent Malicious content submission using OSGI adaptive form (Prevent posting spam or malicious using OSGI Adaptive Form)

  • May 22, 2024
  • 1 reply
  • 827 views

Hi Team,

Currently we are developing OSGI Adaptive Forms, but a text box in the Adaptive Form field allows entering any JavaScript code snippet to hack the system. Please advise how to prevent malicious content from being entered into an Adaptive Form field (e.g. a text box with multiple lines).

A Content Security Policy (CSP) is a security feature that helps prevent cross-site scripting attacks (XSS). How can we configure this using the AEM Web Console to prevent malicious content from being added at the form field level?


Regards

Vara


1 reply

Level 9
May 23, 2024

Is this something you could configure at the dispatcher level?

I would not go down the route, but perhaps add logic to keep an eye on what's being added in the field via a rule?
I have been wondering about the same approach wrt file upload and virus scan.

Btw, is this adaptive or core?


varaande (Author)
Level 5
May 23, 2024

Thank you.

Validating each field for malicious content using a field-level rule may impact performance. Is there any configuration we can set at the project level, or for all forms, to prevent entering the <script> tag in OSGI Adaptive Form fields and so prevent hacking or injection of suspicious content?

Regards

Vara

Level 9
May 28, 2024

What do you do with the form, submitting via email or persisting? What fields are concerning other than the text box? I assumed it's one field. If it is JS, why don't you write a script to validate all fields on submit and, if found with a script tag or so, erase and force validation?

I can try it on my end to check; what's the script posted?

Did you read up somewhere that making page rules heavy can be concerning wrt performance?
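
The whole-form check on submit suggested in the last reply, paired with output encoding, as an added example that is not part of the original thread and not AEM's own code. It assumes the submission is available as a plain object mapping field names to string values; `findSuspiciousFields`, `escapeHtml` and the sample data are hypothetical names constructed for illustration.

```javascript
// Added example; function names and sample data are constructed, not AEM APIs.

// Rules for plain-text fields. A browser only opens a tag when '<' is
// directly followed by a letter, '/', '!' or '?', so "3 < 5" is not flagged.
const RULES = [
  { name: "html-tag", re: /<[a-z\/!?]/i },
  { name: "script-url", re: /\b(?:javascript|vbscript)\s*:/i },
];

// NFKC folds look-alikes such as full-width '＜' (U+FF1C) to ASCII '<', so a
// value that a later layer normalises cannot slip past the rules.
function normalize(value) {
  return String(value).normalize("NFKC");
}

// fields: object mapping field name -> submitted string (assumed shape).
// Returns one finding per field and rule that matched.
function findSuspiciousFields(fields) {
  const findings = [];
  for (const [field, value] of Object.entries(fields)) {
    const text = normalize(value);
    for (const rule of RULES) {
      if (rule.re.test(text)) findings.push({ field, rule: rule.name });
    }
  }
  return findings;
}

// Output encoding for wherever a stored value is rendered as HTML; this is
// what keeps a value inert even if it passed or bypassed validation.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Constructed sample submission.
const sampleSubmission = {
  fullName: "Vara",
  comments: "Line one\nLine two: 3 < 5 and a > b",
  address: "<script>alert(1)</script>",
  website: "javascript:alert(1)",
};

for (const f of findSuspiciousFields(sampleSubmission)) {
  console.log(`reject ${f.field}: ${f.rule}`);
}
console.log(escapeHtml(sampleSubmission.address));
```

A check like this in the browser can be skipped by posting to the submit endpoint directly, so the same rules need to run on the server before the data is emailed or persisted.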