XSS Protection for text fields


Hello Team,

I am new to AEM and frontend. I have already developed a project in which a vulnerability is reported for XSS injection in text fields (when inserting a script to show an alert in a text field, I get that alert). I am trying to implement a solution at the global level to stop XSS scripts. For this I am overlaying the XSS protection folder in apps/cq and modifying the config.xml file. I tried several entries one by one:

<attribute name="text">
    <regexp-list>
        <regexp value = "[a-zA-Z0-9]"/>
    </regexp-list>
</attribute>

I also tried modifying the existing entry for the input tag:

<attribute name="value">
    <regexp-list>
        <regexp value = "[a-zA-Z0-9]"/>
    </regexp-list>
</attribute>

 

Please let me know how I can stop XSS injection in fields.

Thanks for the help
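
An added example, not part of the original post or of AEM's code: it runs the expression from the config.xml entries above against constructed field values, assuming the filter requires the expression to match the whole attribute value (an assumption, not stated in the thread). `WHOLE_VALUE` and `encodeForHtml` are hypothetical names introduced here; the encoder stands in for the platform's own output encoding.

```java
import java.util.List;
import java.util.regex.Pattern;

public class AllowlistRegexDemo {
    // Expression exactly as posted in the two config.xml entries.
    static final Pattern POSTED = Pattern.compile("[a-zA-Z0-9]");
    // Hypothetical whole-value allowlist (not from the thread).
    static final Pattern WHOLE_VALUE = Pattern.compile("[a-zA-Z0-9 .,_-]*");

    // Full match: the entire value must fit the expression (assumed filter behaviour).
    static boolean fullMatch(Pattern p, String value) {
        return p.matcher(value).matches();
    }

    // Partial match: any substring fitting the expression is enough.
    static boolean partialMatch(Pattern p, String value) {
        return p.matcher(value).find();
    }

    // Minimal HTML text-context encoder, standing in for the platform's own encoder.
    static String encodeForHtml(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample field values.
        List<String> samples = List.of("a", "Hello world",
                "O'Reilly & Sons", "<script>alert(1)</script>");
        for (String s : samples) {
            System.out.printf("%-28s posted/full=%-5b posted/partial=%-5b whole=%-5b encoded=%s%n",
                    s, fullMatch(POSTED, s), partialMatch(POSTED, s),
                    fullMatch(WHOLE_VALUE, s), encodeForHtml(s));
        }
    }
}
```

Under a full match the posted expression accepts only one-character values, and under a partial match it accepts the script string because that string contains letters. The whole-value allowlist also rejects legitimate input such as names with apostrophes, whereas encoding at output renders the script text inert without rejecting anything.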

1 Reply

Community Advisor

Hi,

What does the HTML snippet look like for the text component?

Can you share the example?