cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - You can Bookmark boards, posts or articles that you'd like to access again easily! X

How to remove html injection in ThingWorx applications?

Go to solution
pgupta17
7-Bedrock
7-Bedrock
‎Dec 01, 2018 06:06 AM
‎Dec 01, 2018 06:06 AM

How to remove html injection in ThingWorx applications?

How to remove html injection in ThingWorx applications?

Labels:
0 Kudos
Notify Moderator
1 ACCEPTED SOLUTION

Accepted Solutions
zyuan1
18-Opal
18-Opal
(To:pgupta17)
‎Dec 03, 2018 02:46 AM
‎Dec 03, 2018 02:46 AM

TWX uses scripts that shares the same logic with Javascript, but you will never see <title></title> in real TWX script coding areas, thus you don't need to worry about the symbols like < in here, and it works as Smaller Than.

View solution in original post

0 Kudos
Notify Moderator
4 REPLIES 4
zyuan1
18-Opal
18-Opal
(To:pgupta17)
‎Dec 02, 2018 09:22 PM
‎Dec 02, 2018 09:22 PM

Hi,

 

Can you offer an example for HTML injection that could perform in TWX? 

 

There are several ways to block the potential injection since JavaScript in Mashup is not independent, and it does not have access to all information.

 

You can form the services and subscription codes smartly to avoid injection;

You can carefully assign the Login User Runtime permission to disable the access;

The name of the entities that stores important data should not be told to outsiders so hackers can't find the object to refer to;

Some data are stored inside the External Database and controlled by SQL services, don't open this access to the Mashup directly.

 

These are the steps I can think of for the moment.

0 Kudos
Notify Moderator
pgupta17
7-Bedrock
7-Bedrock
(To:zyuan1)
‎Dec 03, 2018 02:10 AM
‎Dec 03, 2018 02:10 AM

How it may be possible to block any input containing HTML metacharacters such as < and >. Alternatively, how these characters can be replaced with the corresponding entities: &lt; and &gt; ?

0 Kudos
Notify Moderator
zyuan1
18-Opal
18-Opal
(To:pgupta17)
‎Dec 03, 2018 02:46 AM
‎Dec 03, 2018 02:46 AM

TWX uses scripts that shares the same logic with Javascript, but you will never see <title></title> in real TWX script coding areas, thus you don't need to worry about the symbols like < in here, and it works as Smaller Than.

0 Kudos
Notify Moderator
slangley
23-Emerald II
23-Emerald II
(To:zyuan1)
‎Dec 14, 2018 02:19 PM
‎Dec 14, 2018 02:19 PM

Hi @pgupta17.

 

If one of the previous responses answered your questions, please mark the appropriate one as the Accepted Solution for the benefit of others with the same question.

 

Regards.

 

--Sharon

0 Kudos
Notify Moderator
Top Tags