SOLVED

Protect against Malicious content(XSS attack) from being posted to backend

priyadarshinic9 (Level 2)

Hi,

Could anyone help me out with how I can avoid malicious content being posted to the back end from an editable text box? I am using Sightly in HTML.

I understand that in JSP we have XSSAPI.

I am not sure how to achieve this using Sightly when you post the data.

I am not using AEM forms here.

1 Accepted Solution
Correct answer by viveksachdeva (Level 7)

From Adobe docs (Overview):

"While the same result can be achieved with template languages like JSP, there the developer must manually ensure that the proper escaping is applied to each variable. As a single omission or mistake on the applied escaping is potentially sufficient to cause a cross-site scripting (XSS) vulnerability, we decided to automate this task with HTL. If needed, developers can still specify a different escaping on the expressions, but with HTL the default behavior is much more likely to correspond to the desired behavior, reducing the likelihood of errors."

It is implicit in HTL/Sightly.

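An added illustration of the automatic, context-aware escaping the answer refers to, not code from the thread: an HTL template that renders a constructed malicious value through the default and explicit display contexts (the property names properties.text, properties.link and properties.richText are assumptions for the example).

```html
<!--/* Constructed values assumed to have been stored by a form POST:
      properties.text = <img src=x onerror=alert(1)>
      properties.link = javascript:alert(1)
      Nothing below is the thread's own code. */-->

<!--/* Element content: default context is 'text'. Angle brackets and quotes are
      entity-encoded, so the browser shows the markup as literal text and creates
      no img element and no event handler. */-->
<p>${properties.text}</p>

<!--/* Attribute value: default context is 'attribute'. The value is encoded for
      an attribute, so it cannot close the quotes and add attributes of its own. */-->
<div data-text="${properties.text}"></div>

<!--/* href / src: default context is 'uri'. The value is validated as a URL;
      a javascript: scheme fails validation and the expression renders empty. */-->
<a href="${properties.link}">link</a>

<!--/* Inside script or style elements there is no default: the context must be
      set explicitly. 'scriptString' encodes the value so it stays inside the
      JavaScript string literal. */-->
<script>
    var text = "${properties.text @ context='scriptString'}";
</script>

<!--/* Rich text from an editor: 'html' keeps allowed markup and filters out
      script elements and event-handler attributes according to the XSS policy. */-->
<div>${properties.richText @ context='html'}</div>

<!--/* The only way to lose this protection is to opt out of it. An expression
      written as  ${properties.text @ context='unsafe'}  switches escaping off
      entirely and would render the stored img tag as live markup, which is
      exactly the omission the quoted docs warn about. Reserve 'unsafe' for
      values that never come from a user-editable field. */-->
```

HTL applies these rules when the page is rendered, not when the value is stored; the posted string reaches the repository as received, so output escaping is what protects the page, and any validation of stored data is a separate server-side step.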