Expand my Community achievements bar.

Nomination window for the Adobe Community Advisor Program, Class of 2025, is now open!
Apply now!

Style tag onload events in XSSAPI

Avatar

Level 10
Level 10
2/5/20 8:25:43 AM

Both cq(com.adobe.granite.xss.xssapi) and sling(org.apache.sling.xss.XSSAPI) xss filterHTML() methods allows the events in style tag which causes security threat. May i know how to restrict it ?

Eg.

xssAPI.filterHTML("<style onload=\"alert()\">test</style>") - Instead of removing the onload events, it's allowing the alert.

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

Experience Manager Security

Views

1.5K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
0 Replies
Related Conversations
Adobe Summit 2025, AEM Skill Exchange | S900 Adobe Experience Manager Security in the Age of Generative AI

Views

119

Likes

0

Replies

0
Adobe Summit 2025, AEM Session/LAB | S329 Transform Quality Content into Winning Experiences in Minutes using GenAI

Views

66

Likes

0

Replies

0
Adobe Summit 2025, AEM Session/LAB | L340 Unlocking Developer Productivity in Experience Manager as a Cloud Service

Views

58

Likes

0

Replies

0
Adobe Summit 2025, AEM Session/LAB | L335 Content Authoring With Universal Editor and Edge Delivery Services in AEM

Views

67

Likes

0

Replies

0
Blank Page in Edit Mode After Creating AEM Project

Views

534

Likes

0

Replies

10