4 Replies Latest reply on Nov 23, 2016 5:49 AM by anshikagarwal

    How can I encode Javascript snippets in widget.jsp?

    urs h. Level 1


      I use a lot of JavaScript in custom components. Therefore, I use custom properties that I added to the custom component's dialog.

      I've found that all properties provided by the user via the component's dialog are encoded in the JSP:


      com.adobe.aemds.guide.taglibs.GuideELUtils provides 



      encodeForHtml(String str, XSSAPI xssapi) 

      encodeForHtmlAttr(String str, XSSAPI xssapi) 

      but does not provide methods for the other encodings recommended by https://www.owasp.org/index.php/OWASP_Java_Encoder_Project#tab=Use_the_Java_Encoder_Project

      How can I protect against XSS using the AEM toolset?

      Thank you,