0

I am able to do it for JSP and Java files, but I am unsure how to make use of xssAPI.encodeForJSString("") in a .js file in Adobe CQ5.6.

This is to do with an XSS issue reported by the Fortify tool for the code below in a JS file:

window.location.href = window.location.href + ("?mode=view");

akashdeep-mishra

1 Answer

0

You don't need to use the AEM xssAPI at the front-end. It's an internal utility to be used by the AEM back-end code. There are other tools, more applicable to the use case you're describing.

Use the built-in function encodeURIComponent available in the browser.

See this answer for more information.

toniedzwiedz
  • Yes, I was looking for something like this, since xssAPI is used in the back end. Do we have validators for the front end that can be used like xssAPI.getValidHref()? – akashdeep-mishra Oct 06 '17 at 18:59
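
Added example (not part of the original answer or of AEM): one way to apply encodeURIComponent to the redirect from the question. The helper names `withQueryParam` and `safeDecode` and the sample URLs are assumptions made for illustration; the helper goes beyond the one-line case by handling an existing query string or fragment and by refusing non-HTTP(S) URLs.

```javascript
// Hypothetical helpers for illustration; only URL, encodeURIComponent and
// decodeURIComponent are built-in browser/Node functions.

// decodeURIComponent throws on malformed "%" sequences, so fall back to the raw text.
function safeDecode(s) {
  try {
    return decodeURIComponent(s);
  } catch (e) {
    return s;
  }
}

// Return currentHref with the query parameter name=value set exactly once.
function withQueryParam(currentHref, name, value) {
  const url = new URL(currentHref); // throws on malformed input

  // Only navigate to ordinary web URLs.
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    throw new Error("refusing non-HTTP(S) URL: " + url.protocol);
  }

  // Percent-encode both sides so characters such as & = # < > " stay data.
  const pair = encodeURIComponent(name) + "=" + encodeURIComponent(value);

  // Keep the existing parameters, dropping any earlier copy of `name`.
  const others = url.search
    .slice(1)
    .split("&")
    .filter((p) => p !== "" && safeDecode(p.split("=")[0]) !== name);

  // Assigning to url.search places the query before the fragment,
  // unlike string concatenation onto location.href.
  url.search = others.concat(pair).join("&");
  return url.href;
}

// In the page script (browser only):
//   window.location.assign(withQueryParam(window.location.href, "mode", "view"));
```

String concatenation as in the question would turn `page.html?a=1#top` into `page.html?a=1#top?mode=view`, so the parameter ends up inside the fragment and never reaches the server.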