Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

HTML injection

ariesyinn
Level 3
Level 3

Hi ,

May I know how to prevent injecting HTML? I am using AEM 6.2.

1 Accepted Solution
Ravi_Pampana
Correct answer by
Community Advisor
Community Advisor

Hi,

 

Usually html injection can happen by either url or user input data. We need to check for the html tags and encode them to make sure they are consider as string instead of html tags.

 

Take a look at below link for additional details

 

https://www.softwaretestinghelp.com/html-injection-tutorial/

View solution in original post

3 Replies
Ravi_Pampana
Correct answer by
Community Advisor
Community Advisor

Hi,

 

Usually html injection can happen by either url or user input data. We need to check for the html tags and encode them to make sure they are consider as string instead of html tags.

 

Take a look at below link for additional details

 

https://www.softwaretestinghelp.com/html-injection-tutorial/

View solution in original post

jbrar
Employee
Employee

Apply the latest hotfix and use the Adobe recommended security configs: https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/security-checkl...

 

Lastly, AEM 6.2 has been out of support for a long time and the best option will be to move to 6.5 Or AEM Cloud.

ariesyinn
Level 3
Level 3
Hi jbrar, I understand AEM6.2 is out of support and we are planning to upgrade. But, as this is very important security, we need to prevent this. May I know how to resolve this?