Expand my Community achievements bar.

XSS Protection for text fields

Avatar

Level 1

Hello Team,

I am new to aem and frontend, I have already developed project in which a vulnerability is reported for xss injection in text fields(when inserting script to show alert in text field I am getting that alert). I am trying to implement a solution at global level to stop xss scripts. For this I am overlaying the xss protection folder in apps/cq and modifying the config.xml file. I tried several entries one by one
<attribute name="text">

    <regexp-list>

        <regexp value = "[a-zA-Z0-9]"/>

    </regexp-list>

</attribute>

also I tried modifying the existing entry for input tag 

<attribute name="value">

    <regexp-list>

        <regexp value = "[a-zA-Z0-9]"/>

    </regexp-list>

</attribute>

 

Please let me know how can I stop xss injection in fields.

 

 

Thanks for Help

1 Reply

Avatar

Community Advisor

Hi,

How does the HTML snippet look like for text component?

Can you share the example?



Arun Patidar