Expand my Community achievements bar.

Get ready! An upgraded Experience League Community experience is coming in January.
Learn more

JS code in Target activity

Avatar

Level 10
Level 10
11/19/25 4:08:02 AM

Do you know of any validation of JS code put into AT activity in the area of security?

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

Target

Views

385

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Reply

Avatar

Community Advisor and Adobe Champion
Community Advisor and Adobe Champion
11/19/25 4:53:20 AM

Hi there

 

As such, Adobe Target does not perform exhaustive validation on custom JavaScript entered into activity offers. In other words, the responsibility for security of injected JS lies mainly with client-side governance and your organization’s own code review practices.

 

This means that potentially unsafe JS (including code that could trigger cross-site scripting/XSS or client-side vulnerabilities) can be inserted into Target offers if not properly controlled (through e.g. CSP, code reviews, avoidance of eval(), etc.).

 

Maybe this helps

https://wwwimages2.adobe.com/content/dam/cc/en/security/pdfs/AdobeTargetSecurityOverview.pdf 

Cheers from Switzerland!


Views

372

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
custom eventType with data object sent to Target as profile parameters Solved

Views

372

Likes

0

Replies

1
Visitor Count Discrepancy in Adobe Target A/B Test Solved

Views

421

Likes

0

Replies

2
Best Practice for Implementing Adobe Target on AEM as a Cloud Service (Consultant Perspective) Solved

Views

380

Like

1

Replies

1
AEP Web SDK: Target Activity works via QA Link and Session Storage, but fails using Profile Attributes—Why?

Views

132

Likes

0

Replies

0
Clarification on Lift & Confidence in Analytics Dashboard for Personalization

Views

173

Likes

0

Replies

1