Hi Team,
Currently we are developing the OSGI Adaptive forms but text box in the Adaptive form filed which allow to enter using any java script code snippet to be hacking the system. please advise how to prevent Malicious content entering to Adaptive form filled (ex: Textbox with Mutiple lines)
A Content Security Policy (CSP) is a security feature that helps prevent cross-site scripting attacks (XSS). how to configure using AEM Web console to prevent the adding Malicious content Form Filed Level
Regards
Vara
Views
Replies
Total Likes
Is this something you could configure at the dispatcher level ?
I would not go down the route but perhaps add a logic to keep an eye on what’s being added in the field via rule?
I have been wondering about the same approach wrt file upload and virus scan
btw is this adaptive or core ?
Views
Replies
Total Likes
Thank you .
Each filed level validation for Malicious content check using filed level rule may impact the performance . Is there any configuration we can set project or all the forms level to avoid the enter the <script> tag OSGI adaptive form filed level prevent the hacking or injecting suspicious content.
Regards
Vara
Views
Replies
Total Likes
What do you do with the form , submitting via email or persisting ? What fields are concerning other than textbox, I assumed it’s one field ? If it is js, why don’t you write a script to validate all fields on submit and if found with script tag or so erase and force validation ?
I can try it on my end to check , what’s the script posted?
Did u read up somewhere that making page rules heavy can be concerning wrt performance ?
Views
Replies
Total Likes
Hi Team
As discussed with Client Security & Performance both are important . Is there any OOTB feature or Web console level configuration to restrict the Malicious content while submitting OSGI Form (ex : restrict the <script> tag etc.)
Here is URL referring not sure we can restrict using the CSP --Content Secure Policy Configuration AEM web console
Regards
Vara
Views
Replies
Total Likes