Skip to main content

 

 

Documentation
OutSystems 11
Reference
Errors and Warnings
Warnings
HTML Injection Warning
Warnings

 

 
Language:
English|日本語
 
Service Studio version:
 
 
OutSystems

HTML Injection Warning

  1. Last updated
  2. Save as PDF
Template:OutSystems/Documentation_KB/ContentCollaboration
  • Edit
    Collaborate with us
    Edit this page on GitHub
    • Message
    Ensure the expression is protected by using EncodeHTML(), EncodeJavascript(), or SanitizeHtml() from the Sanitization extension, to avoid security flaws.
    Cause
    The expression mentioned in the warning has a value that comes from the end user input and that is susceptible to contain malicious content.
    Recommendation

    Do one of the following:

    • Enable the Escape Content property of the expression.
    • Use the EncodeHtml() built-in function to replace all HTML reserved characters by their escaped counterpart.
    • Use the EncodeJavascript() built-in function to replace all JavaScript reserved characters by their escaped counterpart so they can be included in a JavaScript string.
    • Use the SanitizeHtml() function from the Sanitization extension module to ensure that the value entered by the end user does not contain any malicious content.
    • Use the EncodeUrl() built-in function to replace all URL invalid characters by their percent-encoded counterpart.
    1. Back to top
    • Was this article helpful?

    Recommended articles

    1. Article type
      Topic
      Owner
      TechComm
    2. Tags
      This page has no tags.