Expand my Community achievements bar.

How to Prevent Malicious content submission using OSGI adaptive form (Prevent posting spam or malicious using OSGI Adaptive Form0

Avatar

Level 5
Level 5
5/22/24 6:29:32 AM

Hi Team,

 

Currently we are developing the OSGI Adaptive forms but text box in the Adaptive form filed which allow to enter using any java script code snippet to be hacking the system. please advise how to prevent Malicious content entering to Adaptive form filled (ex: Textbox with Mutiple lines)

 

A Content Security Policy (CSP) is a security feature that helps prevent cross-site scripting attacks (XSS). how to configure using AEM Web console to prevent the adding Malicious content Form Filed Level

 

Regards

Vara

Views

360

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
4 Replies

Avatar

Level 10
Level 10
5/22/24 9:07:36 PM

Is this something you could configure at the dispatcher level ?

I would not go down the route but perhaps add a logic to keep an eye on what’s being added in the field via rule? 
I have been wondering about the same approach  wrt file upload and virus scan 

 

btw is this adaptive or core ?

 

Views

335

Replies

3
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 5
Level 5
5/23/24 6:11:16 AM
In response to NitroHazeDev

Thank you .


Each filed level validation for Malicious content check  using filed level rule may impact the performance . Is there any configuration we can set project or all the forms level to avoid the enter the <script> tag OSGI adaptive form filed level prevent the hacking or injecting suspicious content.

Regards

Vara

Views

324

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
5/27/24 5:00:12 PM
In response to varaande

What do you do with the form , submitting via email  or persisting ? What fields are concerning other than textbox, I assumed it’s one field ? If it is js, why don’t you write a script to validate all fields on submit and if found with script tag or so erase and force validation ?

I can try it on my end to check , what’s the script posted?

 

Did u read up somewhere that making page rules heavy can be concerning wrt performance ? 

Views

289

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 5
Level 5
5/29/24 4:03:42 PM
In response to NitroHazeDev

Hi Team

 

As discussed with Client Security & Performance both are important . Is there any OOTB feature or Web console level configuration to restrict the Malicious content while submitting OSGI Form (ex : restrict the <script> tag etc.)

 

Here is URL referring not sure we can restrict using the CSP --Content Secure Policy Configuration AEM web console

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/how-to-prevent-content-spo...

 

Regards

Vara

Views

269

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
AEM 6.5 Forms Rule Editor async functions Solved

Views

129

Likes

0

Replies

3
AEM forms as cloud Service - Pdf generation using Output service

Views

52

Likes

0

Replies

2
Editing the Theme for Adaptive Form

Views

137

Likes

0

Replies

4
Modify List View on Form and Documents

Views

91

Likes

0

Replies

1
Save lastModifiedBy on Adaptive Form Fragment

Views

144

Likes

0

Replies

3