Announcement

Collapse
No announcement yet.
X
  • Filter
  • Time
Clear All
new posts

    Prevent inline javascript injection

    Do you have any security measures that I could enable that would not allow the execution of inline javascript tags like `onLoad()`?


    SmartClient version (available on lower left of Developer Console)
    SmartClient Version: v11.0p_2017-02-16/Pro Development Only (built 2017-02-16)

    #2
    We’re not following - are you trying to prevent other JavaScript on the page from adding handlers? Generally speaking, once someone has figured out a way to inject JavaScript in your page, that’s game over; its too late for any security measures.

    Comment


      #3
      I'm talking about xss protection

      Comment


        #4
        Preventing XSS is a broad topic and most techniques are generic, not specific to SmartClient, however, as far as data entered into SmartClient components, generally you either use validators to restrict the input to characters that could never form a valid script tag, or you use dataSourceField.escapeHTML.

        Comment

        Working...
        X