Expand my Community achievements bar.

How to Prevent Malicious content submission using OSGI adaptive form (Prevent posting spam or malicious using OSGI Adaptive Form0

Avatar

Level 5

Hi Team,

 

Currently we are developing the OSGI Adaptive forms but text box in the Adaptive form filed which allow to enter using any java script code snippet to be hacking the system. please advise how to prevent Malicious content entering to Adaptive form filled (ex: Textbox with Mutiple lines)

 

A Content Security Policy (CSP) is a security feature that helps prevent cross-site scripting attacks (XSS). how to configure using AEM Web console to prevent the adding Malicious content Form Filed Level

 

Regards

Vara

4 Replies

Avatar

Level 10

Is this something you could configure at the dispatcher level ?

I would not go down the route but perhaps add a logic to keep an eye on what’s being added in the field via rule? 
I have been wondering about the same approach  wrt file upload and virus scan 

 

btw is this adaptive or core ?

 

Avatar

Level 5

Thank you .


Each filed level validation for Malicious content check  using filed level rule may impact the performance . Is there any configuration we can set project or all the forms level to avoid the enter the <script> tag OSGI adaptive form filed level prevent the hacking or injecting suspicious content.

Regards

Vara

Avatar

Level 10

What do you do with the form , submitting via email  or persisting ? What fields are concerning other than textbox, I assumed it’s one field ? If it is js, why don’t you write a script to validate all fields on submit and if found with script tag or so erase and force validation ?

I can try it on my end to check , what’s the script posted?

 

Did u read up somewhere that making page rules heavy can be concerning wrt performance ? 

Avatar

Level 5

Hi Team

 

As discussed with Client Security & Performance both are important . Is there any OOTB feature or Web console level configuration to restrict the Malicious content while submitting OSGI Form (ex : restrict the <script> tag etc.)

 

Here is URL referring not sure we can restrict using the CSP --Content Secure Policy Configuration AEM web console

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/how-to-prevent-content-spo...

 

Regards

Vara