1] In most of the cases we will have CDN/Dispatcher front-ending the AEM websites. So, how is it that some malicious code injected on the user-facing[lets say website having CDN] page, can be handled at AEM level. Failing to understand this.
2] Also, went through the OOTB config file /libs/cq/xssprotection/config.xml, But could not understand much.
If you can point to any references articles /links explaining the same, it would be helpful.
XSS comes into picture if you storing something in your database or fiesystem. Example forms page where user can input data at time of registration etc... and you are storing it. CDN/Dispatcher can filter other attacks like DDOS the incoming traffic flooding into your system & also it is not meant to validate the user supplied data in general.
XSS comes into picture if you storing something in your database or fiesystem. Example forms page where user can input data at time of registration etc... and you are storing it. CDN/Dispatcher can filter other attacks like DDOS the incoming traffic flooding into your system & also it is not meant to validate the user supplied data in general.
In case, we have an AEM site, which does not accept any sort of input from users and just renders content, we need not worry about the XSS configuration thing, correct?
