Server Administrator's Guide
XSS actions
The XSS handler applies the XSS rules, which are configured in the <xss-rules> sections of bmxssconfig.xml, to the input data.
During input data validation, the handler can encounter the following:
1. Finding tags that are not accepted.
2. Finding attributes that are not accepted.
The XSS rules section explains how to define a tag attribute and whether to allow or stop a tag attribute.
Action on unaccepted attributes and Action on unaccepted tags explain what action is taken when an attribute or tag is not accepted.
A sample snippet is given below:
<xss-actions>
  <unaccepted-tag-action-type>ENCODE</unaccepted-tag-action-type>
  <unaccepted-attribute-action-type enabled='true'>REMOVE</unaccepted-attribute-action-type>
</xss-actions>
* Action on unaccepted tags
* Action on unaccepted attributes
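
The following sketch is an added illustration, not Progress code and not the handler's implementation. It reads the <xss-actions> snippet above and applies it to sample markup, assuming that ENCODE HTML-escapes an unaccepted tag and REMOVE drops an unaccepted attribute. The allow-lists and the names load_actions, ActionSketch and apply_actions are hypothetical.

```python
import html
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

# The <xss-actions> snippet shown on this page.
XSS_ACTIONS = """<xss-actions>
  <unaccepted-tag-action-type>ENCODE</unaccepted-tag-action-type>
  <unaccepted-attribute-action-type enabled='true'>REMOVE</unaccepted-attribute-action-type>
</xss-actions>"""
# Constructed allow-lists standing in for <xss-rules>; names only, values are not inspected.
ACCEPTED_TAGS = {"p", "b", "a"}
ACCEPTED_ATTRS = {"href", "title"}

def load_actions(xml_text):
    """Read the two action types; only the values shown on this page are supported."""
    root = ET.fromstring(xml_text)
    attr = root.find("unaccepted-attribute-action-type")
    tag_action = root.findtext("unaccepted-tag-action-type").strip()
    if tag_action != "ENCODE" or attr.text.strip() != "REMOVE":
        raise ValueError("this sketch models only ENCODE (tags) and REMOVE (attributes)")
    # Assumption: enabled='true' switches the attribute action on.
    return {"remove_attrs": attr.get("enabled") == "true"}

class ActionSketch(HTMLParser):
    """Assumed semantics: ENCODE escapes the tag markup, REMOVE drops the attribute."""
    def __init__(self, actions):
        super().__init__()
        self.actions, self.out = actions, []

    def handle_starttag(self, tag, attrs):
        if tag not in ACCEPTED_TAGS:  # unaccepted tag -> ENCODE
            self.out.append(html.escape(self.get_starttag_text()))
            return
        kept = [(n, v) for n, v in attrs
                if n in ACCEPTED_ATTRS or not self.actions["remove_attrs"]]
        self.out.append("<" + tag + "".join(
            f' {n}="{html.escape(v or "")}"' for n, v in kept) + ">")
    handle_startendtag = handle_starttag  # treat <x/> like <x>

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>" if tag in ACCEPTED_TAGS else html.escape(f"</{tag}>"))

    def handle_data(self, data):
        self.out.append(html.escape(data))  # text is always emitted encoded

def apply_actions(markup, xml_text=XSS_ACTIONS):
    parser = ActionSketch(load_actions(xml_text))
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)
```

Comments and declarations in the input are dropped by this sketch, and attribute values such as URL schemes in href are not checked.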