Question
· Nov 7

Existing protections against XSS attacks on CSP pages?

Is there any mechanism already implemented in IRIS to prevent XSS exploits?

This case happens when a user inputs HTML/JavaScript content into fields and submits the page. If saved content is rendered as is, it's going to be executed by anyone visiting the page.

What I am looking for:

  • Built-in protection mechanisms that can be enabled globally (e.g. per web application) or per CSP page. Something similar to a web application firewall.
  • Functions to call manually that can detect such content in fields or sanitize them (remove unwanted content). I could implement such functions myself but don't want to re-invent the wheel or take the risk of not covering all the cases.
Product version: IRIS 2021.1
$ZV: IRIS for Windows (x86-64) 2021.1 (Build 215U) Wed Jun 9 2021 09:39:22 EDT