Protect against Malicious content(XSS attack) from being posted to backend | Community
September 11, 2017
Solved

Protect against Malicious content(XSS attack) from being posted to backend

  • 1 reply
  • 1296 views

Hi,

Could anyone help me out with how I can avoid malicious content from being posted to the back end from an editable text box? I am using Sightly in HTML.

I understand in JSP we have XSSAPI.

I am not sure how to achieve this using Sightly when you post the data.

I am not using AEM forms here.

1 reply

viveksachdeva (Community Advisor), Accepted solution
September 11, 2017

From Adobe docs (Overview):

"While the same result can be achieved with template languages like JSP, there the developer must manually ensure that the proper escaping is applied to each variable. As a single omission or mistake on the applied escaping is potentially sufficient to cause a cross-site scripting (XSS) vulnerability, we decided to automate this task with HTL. If needed, developers can still specify a different escaping on the expressions, but with HTL the default behavior is much more likely to correspond to the desired behavior, reducing the likelihood of errors."

It is implicit in HTL/Sightly.
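Since the accepted answer says escaping is implicit in HTL, the template below (an added example, not code from the thread; the property names `text`, `link` and `rich` are hypothetical) shows which escaping HTL applies in each output position and where a display context must still be chosen by hand.

```html
<!--/* Added example, not from the original thread. Assumes a component
      with authored properties `text` (plain text), `link` (a URL) and
      `rich` (rich-text HTML); these names are hypothetical. */-->

<!--/* 1. Element content: HTL infers context='text' and HTML-encodes
      & < > " ' so a stored "<script>" tag renders as literal text. */-->
<p>${properties.text}</p>

<!--/* 2. Attribute value: context='attribute' is inferred; quotes are
      encoded so the value cannot break out of the attribute. */-->
<div data-label="${properties.text}"></div>

<!--/* 3. href/src: context='uri' is inferred; a value whose scheme is
      not allowed (for example javascript:) is removed, not rendered. */-->
<a href="${properties.link}">Read more</a>

<!--/* 4. Inside <script> HTL cannot infer a context and outputs nothing
      unless one is given; scriptString escapes for a JS string literal. */-->
<script>
  var label = "${properties.text @ context='scriptString'}";
</script>

<!--/* 5. Rich text must keep its markup, so context='html' is used:
      the value goes through HTL's XSS filter, which strips disallowed
      tags and attributes instead of encoding everything. */-->
<div class="body">${properties.rich @ context='html'}</div>

<!--/* 6. context='unsafe' disables escaping entirely. Treat any use of
      it found in code review as a finding that needs a justification. */-->
<!--/* <div>${properties.rich @ context='unsafe'}</div> */-->
```

HTL escaping acts when the page is rendered; whatever was posted is still stored unchanged, so it complements server-side validation of the submitted value rather than replacing it.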