Expand my Community achievements bar.

XSS Protection for text fields

Avatar

Level 1
Level 1
4/1/22 4:08:58 AM

Hello Team,

I am new to aem and frontend, I have already developed project in which a vulnerability is reported for xss injection in text fields(when inserting script to show alert in text field I am getting that alert). I am trying to implement a solution at global level to stop xss scripts. For this I am overlaying the xss protection folder in apps/cq and modifying the config.xml file. I tried several entries one by one
<attribute name="text">

    <regexp-list>

        <regexp value = "[a-zA-Z0-9]"/>

    </regexp-list>

</attribute>

also I tried modifying the existing entry for input tag 

<attribute name="value">

    <regexp-list>

        <regexp value = "[a-zA-Z0-9]"/>

    </regexp-list>

</attribute>

 

Please let me know how can I stop xss injection in fields.

 

 

Thanks for Help

Views

437

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Reply

Avatar

Community Advisor
Community Advisor
4/5/22 12:37:06 AM

Hi,

How does the HTML snippet look like for text component?

Can you share the example?



Arun Patidar

Views

420

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Adobe Developers Live, November 2024, Session | Extension Manager for AEM

Views

196

Likes

0

Replies

0
Adobe Developers Live, November 2024, On-Demand Session | Orchestrating Commerce APIs for headless implementations

Views

193

Likes

0

Replies

0
Adobe Developers Live, November 2024, On-Demand Session | Dynamic Media Masterclass: Best Practices for Performant Delivery

Views

136

Likes

0

Replies

0
Best Practices for Implementing Adobe Experience Manager (AEM) in 2024

Views

360

Likes

0

Replies

0
Modify the paraformat options within the AEM RTE of the Text Core Component

Views

353

Likes

0

Replies

5