4 Replies Latest reply on Nov 23, 2016 5:49 AM by anshikagarwal

    How can I encode Javascript snippets in widget.jsp?

    urs h. Level 1

      Hi 

      I use a lot of JavaScript in custom components. Therefore I use custom properties that I added to the custom component's dialog.

      I've found that all properties provided by the user via the component's dialog are encoded in the JSP:

      name="${guide:encodeForHtmlAttr(guideField.name,xssAPI)}"

      com.adobe.aemds.guide.taglibs.GuideELUtils provides

      encodeForHtml(String str, XSSAPI xssapi)

      encodeForHtmlAttr(String str, XSSAPI xssapi)

      but does not provide methods for other encoding recommended by https://www.owasp.org/index.php/OWASP_Java_Encoder_Project#tab=Use_the_Java_Encoder_Project

      How can I protect against XSS using the aem toolset?

      Thank you, 

      Urs
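
The difference between the two output contexts raised in the question, as an added example that is not part of the original post and is not Adobe's or OWASP's code: a dialog value encoded for an HTML attribute is still unsafe or corrupted when written into a JavaScript string literal. `forHtmlAttr` is a simplified stand-in for an HTML-attribute encoder, `forJsString` applies the OWASP rule of escaping everything except ASCII letters and digits, and the class name, method names and sample values are constructed for illustration.

```java
public class ContextEncodingDemo {

    // Simplified stand-in for an HTML-attribute encoder (assumption, not
    // the implementation behind guide:encodeForHtmlAttr).
    static String forHtmlAttr(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    // JavaScript string-literal encoder: ASCII letters and digits pass
    // through, every other UTF-16 code unit becomes \xHH or \uHHHH.
    static String forJsString(String s) {
        StringBuilder out = new StringBuilder(s.length() * 2);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            boolean alnum = (c >= '0' && c <= '9')
                    || (c >= 'A' && c <= 'Z')
                    || (c >= 'a' && c <= 'z');
            if (alnum) {
                out.append(c);
            } else if (c < 0x100) {
                out.append(String.format("\\x%02X", (int) c));
            } else {
                out.append(String.format("\\u%04X", (int) c));
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed dialog values: quote and backslash, a line break,
        // markup characters, and a non-ASCII letter.
        String[] samples = { "O'Brien \\ Co", "line1\nline2", "a</b>c", "caf\u00e9" };
        for (String v : samples) {
            // Wrong context: the backslash and the line break pass through
            // unchanged, and entities are not decoded inside a script block.
            System.out.println("html-attr: var label = '" + forHtmlAttr(v) + "';");
            // Right context: the emitted literal cannot be terminated or
            // altered by the value, and it decodes back to the original text.
            System.out.println("js-string: var label = '" + forJsString(v) + "';");
        }
    }
}
```

The `XSSAPI` interface that the guide functions take as their second argument also declares `encodeForJSString(String)`; whether it can be called on the `xssAPI` object from widget.jsp is an assumption the post does not confirm.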