Expand my Community achievements bar.

The first preview of our new Community upgrade is live - check it out now.
Learn more

JS code in Target activity

Avatar

Level 10
Level 10
11/19/25 4:08:02 AM

Do you know of any validation of JS code put into AT activity in the area of security?

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

Target

Views

397

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Reply

Avatar

Community Advisor and Adobe Champion
Community Advisor and Adobe Champion
11/19/25 4:53:20 AM

Hi there

 

As such, Adobe Target does not perform exhaustive validation on custom JavaScript entered into activity offers. In other words, the responsibility for security of injected JS lies mainly with client-side governance and your organization’s own code review practices.

 

This means that potentially unsafe JS (including code that could trigger cross-site scripting/XSS or client-side vulnerabilities) can be inserted into Target offers if not properly controlled (through e.g. CSP, code reviews, avoidance of eval(), etc.).

 

Maybe this helps

https://wwwimages2.adobe.com/content/dam/cc/en/security/pdfs/AdobeTargetSecurityOverview.pdf 

Cheers from Switzerland!


Views

384

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
How to use A4T activity impression to track activity with dynamic content Solved

Views

98

Likes

0

Replies

3
custom eventType with data object sent to Target as profile parameters Solved

Views

401

Likes

0

Replies

1
Visitor Count Discrepancy in Adobe Target A/B Test Solved

Views

454

Likes

0

Replies

2
AEP Web SDK: Target Activity works via QA Link and Session Storage, but fails using Profile Attributes—Why?

Views

172

Likes

0

Replies

1
Clarification on Lift & Confidence in Analytics Dashboard for Personalization

Views

195

Likes

0

Replies

1