
SOLVED

Protect against malicious content (XSS attack) from being posted to backend


Level 2

Hi,

Could anyone help me out with how I can avoid malicious content from being posted to the back end from an editable text box? I am using Sightly in HTML.

I understand in JSP we have XSSAPI.

I am not sure how to achieve this using sightly when you post the data.

I am not using AEM forms here.

1 Accepted Solution


Correct answer by
Community Advisor

From Adobe docs (Overview):

"While the same result can be achieved with template languages like JSP, there the developer must manually ensure that the proper escaping is applied to each variable. As a single omission or mistake on the applied escaping is potentially sufficient to cause a cross-site scripting (XSS) vulnerability, we decided to automate this task with HTL. If needed, developers can still specify a different escaping on the expressions, but with HTL the default behavior is much more likely to correspond to the desired behavior, reducing the likelihood of errors."

It is implicit in HTL/Sightly.

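To make the accepted answer concrete, here is an added HTL example (not from the original thread, and not Adobe's own code) showing what "implicit" escaping means in practice: the same stored string is rendered in several output contexts, and HTL picks or applies an escaping rule for each. The Sling Model `com.example.TextModel` with its `text` and `trustedHtml` properties is a hypothetical placeholder standing in for whatever backs the editable text box.

```html
<!--/* Added example, not part of the original post. 'model' is a hypothetical
       Sling Model exposing 'text' (a String saved from the text box) and
       'trustedHtml' (markup already sanitised on the server). */-->
<sly data-sly-use.model="com.example.TextModel"/>

<!--/* Element content defaults to the 'html' context: markup that carries
       XSS risk (such as a stored <script> element) is filtered out at render
       time, while harmless formatting tags are kept. */-->
<p>${model.text}</p>

<!--/* The 'text' context encodes every character, so no markup survives;
       use it when the value is meant to be plain text only. */-->
<p>${model.text @ context='text'}</p>

<!--/* Attribute values are escaped for the 'attribute' context automatically;
       stating it explicitly documents the intent. */-->
<div title="${model.text @ context='attribute'}"></div>

<!--/* Inside a script block, a script context escapes quotes and line
       terminators so the value cannot terminate the string literal. */-->
<script>
  var text = "${model.text @ context='scriptString'}";
</script>

<!--/* 'unsafe' switches escaping off entirely. It is the one place where the
       implicit protection is lost, so reserve it for content that was
       sanitised before it was stored and review every use of it. */-->
<div>${model.trustedHtml @ context='unsafe'}</div>
```

Two caveats worth keeping in mind. First, this protection is applied when the page is rendered, not when the form is posted: the raw string still reaches the repository, so any other consumer of that value (a JSP, a JSON export, a custom servlet) must do its own escaping, and the server-side `XSSAPI` the question mentions (for example `filterHTML`) is the hook for sanitising at save time if that is required. Second, every `@ context='unsafe'` in a project is a deliberate opt-out of the behaviour the accepted answer describes, which makes it a useful grep target in code review.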