kishore kumar
Reputation: 21
Xss Config for data attributes
How to configure XSS-protection config.xml for data-* attributes. It is getting filtered. So far we are adding manually for each data-* attributes. Is there any way to have a generic fix?
For eg if we have <img data-src="url"/> we are adding like below.
<tag action="validate" name="img">
<attribute name="data-src" onInvalid="removeTag">
<regexp-list>
<regexp name="onsiteURL"/>
<regexp name="offsiteURL"/>
</regexp-list>
</attribute>
</tag>
Instead of this, any fix could provide in common? So that it will allow all data attributes?
Upvotes: 2
Views: 340
Answers (0)
Related Questions
- HTML-Entity escaping to prevent XSS
- Need to sanitize body of ResponseEntity in Java 8
- Java ESAPI IMPLEMENTATION
- AntiSamy to prevent XSS in java?
- XSS prevention, minimal implementation
- Preventing DOM based XSS using ESAPI
- ESAPI XSS prevention for user supplied url property
- How to implement Java ESAPI for preventing XSS?
- Xss sanitization in java
- How to escape values from HTML attribute inside jsp to avoid XSS attack?