JS code in Target activity

Question

Do you know of any validation of JS code put into AT activity in the area of security?

bjoern__koth · Answer

Hi there

As such, Adobe Target does not perform exhaustive validation on custom JavaScript entered into activity offers. In other words, the responsibility for security of injected JS lies mainly with client-side governance and your organization’s own code review practices.

This means that potentially unsafe JS (including code that could trigger cross-site scripting/XSS or client-side vulnerabilities) can be inserted into Target offers if not properly controlled (through e.g. CSP, code reviews, avoidance of eval(), etc.).

Maybe this helps

https://wwwimages2.adobe.com/content/dam/cc/en/security/pdfs/AdobeTargetSecurityOverview.pdf

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded