cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Did you get called away in the middle of writing a post? Don't worry you can find your unfinished post later in the Drafts section of your profile page. X

How to remove html injection in ThingWorx applications?

pgupta17
7-Bedrock

How to remove html injection in ThingWorx applications?

How to remove html injection in ThingWorx applications?

ACCEPTED SOLUTION

Accepted Solutions

TWX uses scripts that shares the same logic with Javascript, but you will never see <title></title> in real TWX script coding areas, thus you don't need to worry about the symbols like < in here, and it works as Smaller Than.

View solution in original post

4 REPLIES 4

Hi,

 

Can you offer an example for HTML injection that could perform in TWX? 

 

There are several ways to block the potential injection since JavaScript in Mashup is not independent, and it does not have access to all information.

 

You can form the services and subscription codes smartly to avoid injection;

You can carefully assign the Login User Runtime permission to disable the access;

The name of the entities that stores important data should not be told to outsiders so hackers can't find the object to refer to;

Some data are stored inside the External Database and controlled by SQL services, don't open this access to the Mashup directly.

 

These are the steps I can think of for the moment.

pgupta17
7-Bedrock
(To:zyuan1)

How it may be possible to block any input containing HTML metacharacters such as < and >. Alternatively, how these characters can be replaced with the corresponding entities: &lt; and &gt; ?

TWX uses scripts that shares the same logic with Javascript, but you will never see <title></title> in real TWX script coding areas, thus you don't need to worry about the symbols like < in here, and it works as Smaller Than.

slangley
23-Emerald II
(To:zyuan1)

Hi @pgupta17.

 

If one of the previous responses answered your questions, please mark the appropriate one as the Accepted Solution for the benefit of others with the same question.

 

Regards.

 

--Sharon

Announcements


Top Tags