Hi Team
As we should not use context=unsafe to prevent XSS vulnerability, is it safe to use a textarea field with values with some JS code and HTML markup with context=scriptComment to prevent stripping of script tags?
For HTML and JS, you should try using
${properties.customHTML @ context='html'} <!--/* Use this in case you want to output HTML - Removes markup that may contain XSS risks */-->
${properties.cusomJS @ context='scriptString'} <!--/* Applies JavaScript string escaping */-->
HTML Template Language Specification - https://github.com/adobe/htl-spec/blob/master/SPECIFICATION.md
Let me know how it goes,
Brian
Hi @NehaCMS ,
I don't think there should be any issue using context=scriptComments
${properties.jcr:title @ context='scriptComment'} <!--/* Context for Javascript block comments. Outputs nothing if value break out of the comment context */-->
Hope this helps!!
Thanks