Custom forms and XSS

Question

If one needs to create a custom UI for posting comments to a blog or discussion thread what tools are available to minimize the risk of XSS attacks? I know that Freemarker ?html will prevent basic attempts but other than using a regular expression to strip tags is there anything else in the tool box available to users looking to customize their communities?

paolot · Accepted Answer

Hi tripp-bishop&nbsp;
&nbsp;
you are also encouraged to use&nbsp;
?js_string
?json_string

if you are using template variables in javascript.&nbsp;
&nbsp;
We also provide a couple of built in HTML stripper tools - they are documented here&nbsp;. If you are using AJAX endpoints or components, you also want to ensure to validate your inputs to the expected format.
&nbsp;
Hope this helps&nbsp;

Forum Discussion

Custom forms and XSS

Related Content

Re: Atlas Sign-On & Registration for Marketing Customers

Khoros Care Downtime & Impacts to Bot Customers

Khoros Customer Data Retention and Destruction Policy

OccasionBoardPage custom layout

Change sign in form HTML structure.

Recent Discussions

API v1 docs gone since Atlas migration to Aurora

Does anyone know how to change the display title of Custom Fields in Aurora?

Can someone walk me through authenticating and using Postman with Aurora?

Seeking Advice on Restricting Access to a posts to those who have the permalink.

TinyMceEditor is undefined