How to Protect AEM Websites from Cross-Site Scripting (XSS) | AEM Community Blog Seeding

kautuk_sahni
Community Manager

15-11-2020


How to Protect AEM Websites from Cross-Site Scripting (XSS) by Tech Forum

Abstract

Video: https://youtu.be/9GF3nYfoiK0

Cross-site scripting (XSS) is a vulnerability that lets an attacker inject script into web pages viewed by other users. Because the injected script runs in the victim's browser with the origin of the vulnerable site, it bypasses access controls such as the same-origin policy and can act on the victim's behalf, for example by reading session cookies or submitting requests as the logged-in user.

The attack itself happens when the victim loads the page or web application that carries the injected code: the site becomes the vehicle that delivers the malicious script to the user's browser.

Malicious scripts typically enter through user-controlled input, in particular:

URL Parameters
FORM Parameters (GET and POST parameters)
Cookies
HTTP Headers

AEM applies the principle of filtering all user-supplied content upon output, at the moment it is written into a page, rather than trusting that it was validated when it was entered. The XSS protection mechanism provided by AEM is based on the AntiSamy Java library from OWASP.

AntiSamy is an HTML, CSS, and JavaScript filter for Java that sanitizes user input according to a policy file, which lists the tags, attributes and attribute-value patterns that are allowed to pass and strips everything else.
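The following Sling servlet is an added example, not code from the blog or from Adobe. It puts the two ideas above together: input arriving through a stored property and through a URL parameter (two of the vectors listed earlier) is treated as untrusted and is encoded or filtered only on output, using the Sling `XSSAPI` service whose `filterHTML()` is backed by the AntiSamy policy (AEM ships its default under `/libs/cq/xssprotection/config.xml`). The package name, the `example/components/comment` resource type, the `authorName`/`website`/`body` property names, the `highlight` request parameter and the client-side `highlightComment()` function are all assumptions made for this example.

```java
package com.example.aem.core.servlets;   // hypothetical package name

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.Servlet;

import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.ValueMap;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.apache.sling.xss.XSSAPI;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

/**
 * Renders a user-submitted comment stored on the current resource. Every value
 * is treated as untrusted and is encoded or filtered at the point of output,
 * with the XSSAPI method chosen by the HTML context the value lands in.
 * Resource type, property names and the "highlight" parameter are assumptions
 * made for this example.
 */
@Component(service = Servlet.class, property = {
        "sling.servlet.resourceTypes=example/components/comment",
        "sling.servlet.methods=GET",
        "sling.servlet.extensions=html"
})
public class CommentRenderServlet extends SlingSafeMethodsServlet {

    private static final long serialVersionUID = 1L;

    // Sling's XSSAPI service. filterHTML() delegates to the AntiSamy policy
    // configured on the instance; the encode* methods do context-specific escaping.
    @Reference
    private transient XSSAPI xssAPI;

    @Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws IOException {
        ValueMap props = request.getResource().getValueMap();
        String authorName = props.get("authorName", "");   // plain-text field
        String website = props.get("website", "");         // URL field
        String body = props.get("body", "");               // rich text from an RTE

        // Untrusted URL parameter (one of the vectors listed above), echoed back into the page.
        String highlight = request.getParameter("highlight");

        response.setContentType("text/html");
        response.setCharacterEncoding("UTF-8");
        PrintWriter out = response.getWriter();

        out.println("<div class=\"comment\">");

        // 1. Text node: entity-encode, so "<img src=x onerror=alert(1)>" renders as literal text.
        out.println("  <span class=\"author\">" + xssAPI.encodeForHTML(authorName) + "</span>");

        // 2. Attribute value: attribute-specific encoding prevents quote breakouts
        //    such as  x" onmouseover="alert(1)
        out.println("  <span title=\"" + xssAPI.encodeForHTMLAttr(authorName) + "\">by</span>");

        // 3. href: validate the URL first. getValidHref() returns "" for rejected
        //    values such as "javascript:alert(1)", so the link is simply omitted.
        String href = xssAPI.getValidHref(website);
        if (!href.isEmpty()) {
            out.println("  <a href=\"" + href + "\">website</a>");
        }

        // 4. Rich text: keep the markup the AntiSamy policy allows (<p>, <b>, <a href>, ...)
        //    and drop <script>, on* event handlers, javascript: URLs and unknown tags.
        out.println("  <div class=\"body\">" + xssAPI.filterHTML(body) + "</div>");

        // 5. Inside a JavaScript string literal: escape quotes, backslashes and
        //    "</script>" so the parameter cannot terminate the literal or the script block.
        //    highlightComment() is a hypothetical client-side function.
        if (highlight != null) {
            out.println("  <script>highlightComment('"
                    + xssAPI.encodeForJSString(highlight) + "');</script>");
        }

        out.println("</div>");
    }
}
```

The five calls correspond to the HTL display contexts `text`, `attribute`, `uri`, `html` and `scriptString`: an HTL script such as `${properties.body @ context='html'}` invokes the same XSSAPI methods automatically, so component templates normally do not call them by hand. The servlet form is what is needed wherever output leaves HTL, for example in custom servlets or JSON exporters, and it makes visible which context each value is being protected for. Using the wrong method for the context (entity-encoding a value that is written into a `<script>` block, or marking rich text `context='unsafe'` to "fix" missing formatting) is the usual way an otherwise well-filtered AEM site still ends up with an XSS bug.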

Read Full Blog

How to Protect AEM Websites from Cross-Site Scripting (XSS)

Q&A

Please use this thread to ask the related questions.