
Alfresco and cross-site attack

warrenzhai
Champ in-the-making
I am able to upload the following HTML document in Alfresco which may contain some malicious JavaScript:

<html>
   <head>
   </head>

   <body>
      <script type="text/javascript">
         alert("You have been XSS attacked!");
      </script>
   </body>
</html>

Users who view this HTML document may inadvertently execute malicious JavaScript code in the background.  I am wondering what can be done to prevent this in Alfresco (1.3).

rdanner
Champ in-the-making
I am able to upload the following HTML document in Alfresco which may contain some malicious JavaScript:

<html>
   <head>
   </head>

   <body>
      <script type="text/javascript">
         alert("You have been XSS attacked!");
      </script>
   </body>
</html>

Users who view this HTML document may inadvertently execute malicious JavaScript code in the background.  I am wondering what can be done to prevent this in Alfresco (1.3).

You can write an action that executes when content is added to a space.  That action can filter for whatever you think could cause harm.
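
The kind of check such an action could apply to uploaded HTML, as an added example that is not part of the original thread and is not Alfresco code: it is written in Python for illustration, every name in it is hypothetical, and the sample inputs are constructed (the first is the document from the question).

```python
from html.parser import HTMLParser

# Elements that run or embed active content when a browser renders the page.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "applet"}
# Attributes whose value is a URL the browser may load or navigate to.
URL_ATTRS = {"href", "src", "action", "formaction", "data"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


class ActiveContentFinder(HTMLParser):
    """Collects (line, reason) findings for script-capable markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names and decodes
        # character references in attribute values before this is called.
        line = self.getpos()[0]
        if tag in ACTIVE_TAGS:
            self.findings.append((line, f"<{tag}> element"))
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append((line, f"event handler attribute {name}"))
            elif name in URL_ATTRS and value:
                # Drop whitespace and control characters before comparing schemes.
                compact = "".join(c for c in value if c > " ").lower()
                if compact.startswith(SCRIPT_SCHEMES):
                    self.findings.append((line, f"script URL in {name}"))


def find_active_content(html_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    finder = ActiveContentFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


# Constructed samples: the upload from the question, and a script-free page.
UPLOADED = ('<html>\n   <head>\n   </head>\n\n   <body>\n'
            '      <script type="text/javascript">\n'
            '         alert("You have been XSS attacked!");\n'
            '      </script>\n   </body>\n</html>\n')
CLEAN = '<html><body><p class="note">Report</p><a href="/docs/1">x</a></body></html>'

if __name__ == "__main__":
    for label, doc in (("uploaded", UPLOADED), ("clean", CLEAN)):
        print(label, find_active_content(doc))
```

The check parses the markup instead of matching strings, so mixed-case tags and character references inside attribute values are normalized before they are compared.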