Style tag onload events in XSSAPI

kishorek1264980
05-02-2020

Both the CQ (com.adobe.granite.xss.xssapi) and Sling (org.apache.sling.xss.XSSAPI) XSS filterHTML() methods allow events in the style tag, which causes a security threat. May I know how to restrict it?

E.g.

xssAPI.filterHTML("<style onload=\"alert()\">test</style>") - Instead of removing the onload events, it's allowing the alert.