Can we use @context='scriptComment' for including JS and html markup | Community
New Participant
August 17, 2021
Solved


Hi Team

 

As we should not use context=unsafe to prevent XSS vulnerabilities, is it safe to use a textarea field with values containing some JS code and HTML markup with context=scriptComment, to prevent stripping of script tags?

2 replies

BrianKasingli (Accepted solution)
New Participant
August 19, 2021

For HTML and JS, you should try using

${properties.customHTML @ context='html'}          <!--/* Use this in case you want to output HTML - Removes markup that may contain XSS risks */-->
${properties.customJS @ context='scriptString'}  <!--/* Applies JavaScript string escaping */-->

HTML Template Language Specification - https://github.com/adobe/htl-spec/blob/master/SPECIFICATION.md

Let me know how it goes,

Brian

Employee
August 17, 2021

Hi @nehama ,

 

I don't think there should be any issue using context=scriptComment.

 

${properties.jcr:title @ context='scriptComment'} <!--/* Context for JavaScript block comments. Outputs nothing if the value breaks out of the comment context */-->

 

Hope this helps!!

Thanks
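
Added example, not part of the original thread and not HTL or Sling code: a simplified JavaScript model of the scriptComment and scriptString contexts quoted in the replies, run over constructed textarea values, showing that each context only protects the position it is named for. The function names, the escaping rules and the sample values are assumptions made for illustration.

```javascript
// Simplified model of two HTL display contexts named in this thread.
// Assumption: the rules below approximate the behaviour stated in the
// replies; this is not the HTL/Sling implementation.

// scriptComment: for values placed inside /* ... */ in a script.
// A value that could close the comment is replaced by nothing.
function scriptComment(value) {
  return value.includes("*/") ? "" : value;
}

// scriptString: for values placed inside a quoted JavaScript string.
// Everything except a small safe set is written as a \uXXXX escape, so
// quotes, backslashes, line breaks and "</script>" cannot end the literal.
function scriptString(value) {
  return value.replace(/[^A-Za-z0-9 ,._]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Build the script block with each value passed through the context that
// matches the position where it lands.
function renderScript(note, label) {
  return [
    "<script>",
    "/* " + scriptComment(note) + " */",
    'var label = "' + scriptString(label) + '";',
    "</script>",
  ].join("\n");
}

// Constructed sample values (hypothetical author input from a textarea).
const samples = {
  note: "teaser label, set by author",
  commentBreakout: "x */ alert(1) /*",
  stringBreakout: '"; alert(1); //',
  markup: "</script><b>hi</b>",
};

// True when the escaped value parses back to the original text as a
// string literal, i.e. it stayed data and never became code or markup.
function staysData(value) {
  return JSON.parse('"' + scriptString(value) + '"') === value;
}

console.log(renderScript(samples.note, samples.stringBreakout));
console.log(renderScript(samples.commentBreakout, samples.markup));
```

In the second rendering the comment is empty and the only closing script tag is the template's own, which is the behaviour the quoted context descriptions promise for those two positions.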