How do I use XSS prevention for a JS file in CQ5? Is there anything OOB available in CQ5 to use in JS? There is the xssapi, which can be used in JSP and Java.
How do I implement XSS prevention in a JavaScript file?
Please assist.
Thanks,
Ramya
Hi Ramya,
here is an example of what to use[1]. When you use AEM6, sightly was created with security by default, so it is automatic.
Regards,
Opkar
Hi Scott/ Opkar,
Thanks for the reply. I have implemented the XSS API in JSP and in Java. I have an issue in JavaScript as well, e.g. window.document.referrer should be validated for client-side DOM XSS.
What can be implemented here in the JS file? Can you please suggest?
Thanks,
Ramya
Hi Ramya,
here is another resource which is helpful [1].
The approach to XSS protection is "CQ applies the principle of filtering all user-supplied content upon output." What use case are you trying to protect against?
Regards,
Opkar
[1] http://docs.adobe.com/docs/en/cq/5-6-1/developing/securitychecklist/_jcr_content/par/download/file.r...
[2] https://www.linkedin.com/pulse/20141208052114-205306823-cq-aem-best-practices
Hi Opkar,
Thanks for the reply. In my JavaScript code I have var x = window.document.referrer; there is a tool that validates all the security issues.
For this code, var x = window.document.referrer;, the tool says a hacker can include a script in the URL while accessing the page, which is a security issue.
I am unable to implement any fix to encode the URL and then store it in the variable x.
What can be done in JavaScript to encode the URL to get rid of script inclusion?
Thanks,
Ramya
Hi Ramya,
You can use regular expressions in JavaScript to replace all the tags (like <html>, <p>, <script>) with an empty string ("") before assigning it to a variable. I think there is no OOTB implementation for this.
regards,
Kalyan venkat
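Stripping tags with a regex, as suggested above, is fragile: the browser only executes markup where untrusted text reaches an HTML sink, so the reliable client-side counterpart of xssAPI.encodeForHTML is to encode (or avoid the sink) at that point rather than to filter on input. The following is an added example, not code from the thread or from CQ5; the function names encodeForHTML, renderReferrer and referrerMarkup and the sample referrer are constructed for illustration.

```javascript
// Added example (not from the thread): treat document.referrer as data, never as markup.
// Client-side equivalent of the server-side xssAPI.encodeForHTML for values that end up in HTML.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#x27;', '/': '&#x2F;'
};

// Encode every character that has meaning to the HTML parser.
function encodeForHTML(value) {
  return String(value).replace(/[&<>"'\/]/g, (ch) => HTML_ESCAPES[ch]);
}

// Preferred option: no HTML sink at all. textContent assigns text, the browser never parses it.
function renderReferrer(container, referrer) {
  container.textContent = referrer;
  return container.textContent;
}

// If markup must be built as a string (e.g. for innerHTML), encode before concatenating.
function referrerMarkup(referrer) {
  return '<p class="ref">Came from: ' + encodeForHTML(referrer) + '</p>';
}

// Constructed sample input: a referrer carrying markup characters.
const sampleReferrer = 'http://example.com/page?q=<b>hi</b>&x="1"';

// Example usage in a page: var x = window.document.referrer;
// then renderReferrer(document.getElementById('ref'), x) or el.innerHTML = referrerMarkup(x).
```

Whichever option is used, the untrusted value is still stored unmodified in the variable (the original question asked to encode it before storing); what matters is encoding for the specific sink it is written to, because a value encoded for HTML is not automatically safe for a JavaScript string or a URL.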
Hi Ramya,
it would be worth asking for an example of this exploit and how others have guarded against it.
Regards,
Opkar
See this AEM doc topic:
https://docs.adobe.com/docs/en/cq/5-6-1/developing/developing_guidelines_bestpractices.html#Protect against Cross-Site Scripting (XSS)
Hi Ramya, could you please assist me with using xssAPI methods in a .js file?
I did not find anything related in the accepted answer link; maybe it was updated at some point.
I am able to do it for JSP and Java files, but I am unsure how to make use of xssAPI.encodeForJSString("")
in a JS file in CQ 5.6.
This is to do with an XSS issue reported by the Fortify tool for the below code in a JS file:
window.location.href = window.location.href + ("?mode=view");
Thanks
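xssAPI is a server-side Java API, so it cannot be called from a static JS file; the checker's concern with the line above is that data taken from the URL (window.location.href) flows into a navigation sink by string concatenation. The added example below is not from the thread or from CQ5: it parses the current URL, allows only http(s) targets, and sets the mode parameter through the URL API instead of appending "?mode=view" (which also breaks when the page already has a query string). The names buildViewUrl, navigateToView and ALLOWED_PROTOCOLS are assumptions made for this example.

```javascript
// Added example (not from the thread): build the redirect target from a parsed URL
// rather than by concatenation, and refuse any scheme other than http(s).
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Returns the current page URL with mode=view, or throws if the input is not an http(s) URL.
function buildViewUrl(currentHref) {
  const url = new URL(currentHref);            // throws TypeError on unparsable input
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) {
    throw new Error('refusing to navigate to ' + url.protocol + ' URL');
  }
  url.searchParams.set('mode', 'view');        // replaces an existing mode value, encodes the pair
  url.hash = '';                               // do not carry the fragment into the new location
  return url.toString();
}

// Navigation sink: only ever receives a value that passed buildViewUrl.
function navigateToView(win) {
  win.location.href = buildViewUrl(win.location.href);
  return win.location.href;
}

// Usage in the page (replaces the flagged line):
// navigateToView(window);
```

Validating the scheme before assignment is what a static checker expects to see between the source and the sink; a plain string concatenation gives it nothing to recognise as a sanitiser.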