I created a web application for seminar registration in Adobe Campaign Classic v7.
This is my workflow:
Client wants to apply encryption and XSS protection on the client and server side to the payload before submitting it.
I have checked built-in functions in Campaign such as cryptString(), decryptString() and NL.JS.escape().
var firstName = document.getElementById("firstName").value;
var mobile = document.getElementById("mobilePhone").value;
Any help is greatly appreciated.
document.controller.setValue() runs on the client side, but cryptString is a server-side function. I guess the only way to solve this is to send the value to the server unencrypted (just by document.controller.submit('next');) and then use a Script activity to do the encryption server side.
It's actually the other way around.
The web application I created submits user information (Page) and processes it inside the Script activity.
Client wants two fields to be encrypted during transition for security purposes.
They also want to apply escaping for XSS protection.
Do you have any advice on how to do this?
When you are doing this, the server is serving the web page to the client after doing the encryption on the server side. If you open the webapp in a browser, reload the page and check in developer mode, you must be seeing the encrypted value from the beginning.
If you are using https then you are already using standard encryption.
Thanks for your response.
Client wanted the encryption on the client-side as part of security. I did something like this:
document.controller.setValue('/ctx/vars/memberId', '<%= cryptString("123456789")%>');
where I passed a hardcoded value and this works.
Is there no way that I can pass a variable inside cryptString? If it's not possible, is there another way to pass encrypted values from the client side and decrypt them on the server side? Or do I just have to use third-party encryption and decryption?
Thank you for your response.
I have tried the following:
I thought there was just a syntax error around this; however, I haven't figured it out yet.
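The evaluation order discussed in this thread, as an added example that is not part of any post and is not Adobe Campaign code: a small Node.js model of `<%= ... %>` being evaluated on the server before the page is served, and of encrypting posted values on receipt. `serverCrypt`, `serverDecrypt`, `renderPage`, `tryRender`, `onSubmit` and the AES-256-GCM stand-in are assumptions made for illustration; the two templates are constructed samples.

```javascript
// Added illustration, not Adobe Campaign's engine. serverCrypt/serverDecrypt are
// hypothetical stand-ins for cryptString()/decryptString().
const nodeCrypto = require('node:crypto');
const KEY = nodeCrypto.randomBytes(32); // lives on the server only

function serverCrypt(plain) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', KEY, iv);
  const body = Buffer.concat([c.update(String(plain), 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]).toString('base64');
}

function serverDecrypt(token) {
  const raw = Buffer.from(token, 'base64');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', KEY, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

// Render step: each <%= expr %> runs on the server before the page is sent,
// so only server-side names (here: cryptString) are in scope.
// new Function is used only to model evaluation of a trusted template.
function renderPage(template) {
  return template.replace(/<%=\s*([\s\S]+?)\s*%>/g, (_, expr) =>
    String(new Function('cryptString', 'return (' + expr + ');')(serverCrypt)));
}

function tryRender(template) {
  try { return { ok: true, html: renderPage(template) }; }
  catch (e) { return { ok: false, error: e.name }; }
}

// Submit step: the browser posts plain values (over HTTPS) and the server
// encrypts them on receipt, as a Script activity would.
function onSubmit(posted) {
  return {
    firstName: serverCrypt(posted.firstName),
    mobilePhone: serverCrypt(posted.mobilePhone),
  };
}

// Constructed samples: a literal argument, and a browser-side variable.
const LITERAL = "setValue('/ctx/vars/memberId', '<%= cryptString(\"123456789\") %>');";
const BROWSER_VAR = "setValue('/ctx/vars/memberId', '<%= cryptString(firstName) %>');";

console.log(tryRender(LITERAL));     // ok: true, ciphertext already in the served page
console.log(tryRender(BROWSER_VAR)); // ok: false, firstName does not exist at render time
```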