Expand my Community achievements bar.

Style tag onload events in XSSAPI

Avatar

Community Advisor
Community Advisor
2/5/20 8:25:43 AM

Both cq(com.adobe.granite.xss.xssapi) and sling(org.apache.sling.xss.XSSAPI) xss filterHTML() methods allows the events in style tag which causes security threat. May i know how to restrict it ?

Eg.

xssAPI.filterHTML("<style onload=\"alert()\">test</style>") - Instead of removing the onload events, it's allowing the alert.

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

Experience Manager Security

Views

1.5K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
0 Replies
Related Conversations
Unable to find users , user roles , company information through Mangento Rest API in postman

Views

128

Likes

0

Replies

1
Rejection flow in AEM translation Project

Views

119

Likes

0

Replies

0
Adobe Developers Live, November 2024, On-Demand Session | CDN & WAF configuration in AEM Cloud Service

Views

147

Likes

0

Replies

0
Adobe Developers Live, November 2024, Session | Edge Delivery Services: One Year In, Six Ways Better

Views

409

Like

1

Replies

0
Adobe Developers Live, November 2024, Session | Modern AEM APIs & Eventing

Views

135

Likes

0

Replies

0