Both cq(com.adobe.granite.xss.xssapi) and sling(org.apache.sling.xss.XSSAPI) xss filterHTML() methods allows the events in style tag which causes security threat. May i know how to restrict it ?
Eg.
xssAPI.filterHTML("<style onload=\"alert()\">test</style>") - Instead of removing the onload events, it's allowing the alert.
Topics
Topics help categorize Community content and increase your ability to discover relevant content.
