OutSystems

JavaScript Injection Warning

  • Message
    Ensure the expression is protected by using EncodeJavaScript(), or VerifyJavascriptLiteral() from the Sanitization extension, to avoid security flaws.
    Cause
    The expression mentioned in the warning has a value that comes from end-user input and may therefore contain malicious content.
    Recommendation

    Do one of the following:

    • Use the EncodeJavaScript() built-in function to replace all JavaScript reserved characters with their escaped counterparts.
    • Use the VerifyJavascriptLiteral() function from the Sanitization extension module to ensure that the value entered by the end user only contains valid JavaScript or JSON literals.
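
    Both recommendations, sketched in plain JavaScript as an added example. This is not OutSystems code and not the implementation of the platform functions; `encodeForJsString`, `isJsonLiteral` and `roundTrip` are hypothetical names, and the literal check accepts JSON only, which is narrower than the "JavaScript or JSON literals" described above.

```javascript
// Added illustration; NOT the OutSystems implementation of EncodeJavaScript()
// or VerifyJavascriptLiteral(). All function names here are hypothetical.

// Approach 1: escape every character outside a small safe set, so the value
// cannot terminate a quoted JavaScript string or an enclosing <script> block.
function encodeForJsString(value) {
  let out = "";
  for (const unit of String(value).split("")) { // iterate UTF-16 code units
    const code = unit.charCodeAt(0);
    if (/[A-Za-z0-9 ,._]/.test(unit)) {
      out += unit;                                        // safe as-is
    } else if (code < 0x100) {
      out += "\\x" + code.toString(16).padStart(2, "0");  // e.g. ' becomes \x27
    } else {
      out += "\\u" + code.toString(16).padStart(4, "0");  // e.g. U+2028 becomes \u2028
    }
  }
  return out;
}

// Approach 2: accept the input only if, taken as a whole, it parses as a
// single JSON literal (number, string, boolean, null, array or object).
function isJsonLiteral(text) {
  try {
    JSON.parse(text);
    return true;
  } catch (e) {
    return false;
  }
}

// Constructed sample input containing characters that are reserved inside a
// script: both quote styles, a closing script tag, a backslash and two
// line terminators.
const SAMPLE = "O'Brien said \"hi\" </script>\\ \n\u2028";

// Place the encoded value between single quotes, as a generated script would,
// and evaluate that literal: the result must equal the original input.
function roundTrip(value) {
  return new Function("return '" + encodeForJsString(value) + "';")();
}

console.log(encodeForJsString(SAMPLE));
console.log(roundTrip(SAMPLE) === SAMPLE);
```

    The encoder is tied to the quoted-string context: its output is only safe between quotes in a script, not as an HTML attribute, a URL or an unquoted expression.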