Custom forms and XSS

Question

If one needs to create a custom UI for posting comments to a blog or discussion thread what tools are available to minimize the risk of XSS attacks? I know that Freemarker ?html will prevent basic attempts but other than using a regular expression to strip tags is there anything else in the tool box available to users looking to customize their communities?

paolot · Accepted Answer

Hi tripp-bishop&nbsp;
&nbsp;
you are also encouraged to use&nbsp;
?js_string
?json_string

if you are using template variables in javascript.&nbsp;
&nbsp;
We also provide a couple of built in HTML stripper tools - they are documented here&nbsp;. If you are using AJAX endpoints or components, you also want to ensure to validate your inputs to the expected format.
&nbsp;
Hope this helps&nbsp;

Forum Discussion

Custom forms and XSS

2 Replies

Related Content

Re: Atlas Sign-On & Registration for Marketing Customers

Khoros Care Downtime & Impacts to Bot Customers

Aurora: Configure custom Salesforce settings

Aurora: Custom widget configuration

Khoros Customer Data Retention and Destruction Policy

Recent Discussions

How to fetch all labels associated with TkbArticlePage and count how many times each label is used

In Aurora, add additional <script> and <meta> tags

Setup content filter for arabic language

24.10 API change breaks navigation

How to create/subscribe the Webhook in Aurora