Expand my Community achievements bar.

Enhance your AEM Assets & Boost Your Development: [AEM Gems | June 19, 2024] Improving the Developer Experience with New APIs and Events
Learn More

How to Prevent Malicious content submission using OSGI adaptive form (Prevent posting spam or malicious using OSGI Adaptive Form0

Avatar

Level 5
Level 5
5/22/24 6:29:32 AM

Hi Team,

 

Currently we are developing the OSGI Adaptive forms but text box in the Adaptive form filed which allow to enter using any java script code snippet to be hacking the system. please advise how to prevent Malicious content entering to Adaptive form filled (ex: Textbox with Mutiple lines)

 

A Content Security Policy (CSP) is a security feature that helps prevent cross-site scripting attacks (XSS). how to configure using AEM Web console to prevent the adding Malicious content Form Filed Level

 

Regards

Vara

Views

147

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
4 Replies

Avatar

Level 10
Level 10
5/22/24 9:07:36 PM

Is this something you could configure at the dispatcher level ?

I would not go down the route but perhaps add a logic to keep an eye on what’s being added in the field via rule? 
I have been wondering about the same approach  wrt file upload and virus scan 

 

btw is this adaptive or core ?

 

Views

122

Replies

3
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 5
Level 5
5/23/24 6:11:16 AM
In response to NitroHazeDev

Thank you .


Each filed level validation for Malicious content check  using filed level rule may impact the performance . Is there any configuration we can set project or all the forms level to avoid the enter the <script> tag OSGI adaptive form filed level prevent the hacking or injecting suspicious content.

Regards

Vara

Views

111

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
5/27/24 5:00:12 PM
In response to varaande

What do you do with the form , submitting via email  or persisting ? What fields are concerning other than textbox, I assumed it’s one field ? If it is js, why don’t you write a script to validate all fields on submit and if found with script tag or so erase and force validation ?

I can try it on my end to check , what’s the script posted?

 

Did u read up somewhere that making page rules heavy can be concerning wrt performance ? 

Views

76

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 5
Level 5
5/29/24 4:03:42 PM
In response to NitroHazeDev

Hi Team

 

As discussed with Client Security & Performance both are important . Is there any OOTB feature or Web console level configuration to restrict the Malicious content while submitting OSGI Form (ex : restrict the <script> tag etc.)

 

Here is URL referring not sure we can restrict using the CSP --Content Secure Policy Configuration AEM web console

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/how-to-prevent-content-spo...

 

Regards

Vara

Views

56

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Help converting a number to ones position only Solved

Views

72

Likes

0

Replies

2
FORMS AEMaaCS CRM Dynamics - multiple entities submit

Views

37

Likes

0

Replies

0
Created form in AEM Designer - Users can't edit/save using Reader or can't electronically sign

Views

130

Likes

0

Replies

5
Button to disable text fields in instances

Views

70

Likes

0

Replies

1
AEM forms & MS Dynamics integration with refresh token

Views

81

Likes

0

Replies

1