Avatar

Level 2

Hi everyone.

I created a web application for seminar registration in Adobe Campaign Classic v7.

This is my workflow:

1817511_pastedImage_0.png

Client wants to apply encryption and XSS protection on the client and server side to the payload before submitting it.
I have checked built-in functions in Campaign such as cryptString(), decryptString() and NL.JS.escape().

This is my script inside the Page activity:
      <script type="text/javascript">
          // <![CDATA[
          function formSubmit(e) {

              var firstName = document.getElementById("firstName").value;

              var email = document.getElementById("email").value;
              var memberId = document.getElementById("memberId").value;

              var mobile = document.getElementById("mobilePhone").value;

              document.controller.setValue('/ctx/vars/firstName', firstName);

              document.controller.setValue('/ctx/vars/email', email);
              document.controller.setValue('/ctx/vars/memberId', memberId);
              document.controller.setValue('/ctx/vars/mobile', mobile);

              document.controller.submit('next');

              return false;

          }
          // ]]>
      </script>

I tried to use the cryptString() during setValue like this:
          document.controller.setValue('/ctx/vars/memberId', '<%= cryptString("' + memberId + '")%>');
However, instead of encrypting the value entered in the textfield, it's actually encrypting the string " + memberId + ".
     
Is there any way we can do this?

Any help is greatly appreciated.