How to prevent XSS Attack

Hello,

Is there a way to protect a Backendless site from XSS attacks? Here is an example: when I click on the “Don’t click me” link on the page linked below, it exposes sensitive data.

https://www.volpass.net/?page=EventComments&data={"eventId"%3A"06746B2C-7350-4690-A34D-43C138EBCF17"}

Please help me understand how this is an XSS? The link is a part of your own interface and it uses a JS API to display the contents of local storage. XSS is when malicious code is injected into your app from somewhere else (in other words the code does not originate from your own site).

Is there a way we can prevent someone from putting JavaScript and HTML tags in a text field? The link is not part of my design. Someone posted JavaScript into the comment input text field.

Sure, add logic to your page that would filter out or escape inserted HTML or JS.
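One way to do the escaping suggested in the reply above, as an added example that is not part of the original thread or Backendless's own code: stored comment text is HTML-escaped before it is placed into the page, so markup posted into the comment field renders as inert text. The names `escapeHtml` and `renderComments`, the comment object shape, and the sample data are assumptions made for illustration.

```javascript
// Characters that can change how a browser parses HTML text or attribute values.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape untrusted input for HTML text and quoted-attribute contexts.
// null/undefined become an empty string; other values are stringified first.
function escapeHtml(value) {
  return String(value ?? "").replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical renderer: every user-controlled field passes through escapeHtml
// before being concatenated into markup.
function renderComments(comments) {
  const items = comments.map(
    (c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.text)}</li>`
  );
  return `<ul class="comments">${items.join("")}</ul>`;
}

// Constructed sample data: the second comment contains markup typed into the
// comment field, similar to the link described in the thread.
const sampleComments = [
  { author: "alice", text: "Great event, see you there!" },
  {
    author: "mallory",
    text: `<a href="#" onclick="alert(localStorage.length)">Don't click me</a>`,
  },
];

// The posted markup comes out as visible text, not as a clickable link.
console.log(renderComments(sampleComments));

// In the browser, when a comment is shown as plain text in a DOM node, setting
// node.textContent = comment.text gives the same result without string building.
```

Escaping at render time protects every page that displays the comment, whichever client or API call originally saved it.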