Forum Discussion

Mentor

11 years ago

Custom forms and XSS

If one needs to create a custom UI for posting comments to a blog or discussion thread what tools are available to minimize the risk of XSS attacks? I know that Freemarker ?html will prevent basic at...

PaoloT
11 years ago
Hi tripp-bishop

you are also encouraged to use

?js_string ?json_string

if you are using template variables in javascript.

We also provide a couple of built in HTML stripper tools - they are documented here . If you are using AJAX endpoints or components, you also want to ensure to validate your inputs to the expected format.

Hope this helps

PaoloT

Lithium Alumni (Retired)

11 years ago

Hi tripp-bishop

you are also encouraged to use

?js_string
?json_string

if you are using template variables in javascript.

We also provide a couple of built in HTML stripper tools - they are documented here . If you are using AJAX endpoints or components, you also want to ensure to validate your inputs to the expected format.

Hope this helps

tripp-bishop
Mentor
11 years ago
Cheers Paolo! The utils library is exactly the kind of thing I was looking for.

Forum Discussion

Custom forms and XSS

Related Content

Re: Atlas Sign-On & Registration for Marketing Customers

Khoros Care Downtime & Impacts to Bot Customers

Khoros Customer Data Retention and Destruction Policy

OccasionBoardPage custom layout

Change sign in form HTML structure.

Recent Discussions

API v1 docs gone since Atlas migration to Aurora

Does anyone know how to change the display title of Custom Fields in Aurora?

Can someone walk me through authenticating and using Postman with Aurora?

Seeking Advice on Restricting Access to a posts to those who have the permalink.

TinyMceEditor is undefined