
Preventing XSS Attacks in Forms


Add your form's HTML inside the [html.trusted] shortcode.

Add the data-safe_id='[app.safe_id /]' attribute to all of your form elements, to the scripts, and to the form tag itself.

 

Sample:

[html.trusted]
  <form data-safe_id='[app.safe_id /]' class="sample-form" method="post" novalidate>
    <div class="form-group">
      <div class="label-wrapper">
        <label class="field-label">Enter Name</label>
      </div>
      <div class="field-wrapper">
        <input type="text" name="name" class="form-control" placeholder="Enter Name" data-safe_id='[app.safe_id /]'>
        <p class="help-block"></p>
      </div>
    </div>

    <div class="form-group">
      <div class="label-wrapper">
        <label class="field-label"></label>
      </div>
      <div class="field-wrapper">
        <input type="submit" name="submit" value="Submit" class="submit1" data-safe_id='[app.safe_id /]'>
        <p class="help-block"></p>
      </div>
    </div>
  </form>

  [session_ticket.create nonce=yes set=module.ticket_id/]
  [arr.create set="module.collection"]
    [post_type]m_samples[/post_type]
  [/arr.create]
  [session_ticket.set_activity {module.ticket_id} collection='{module.collection}' module='{module.slug}.save_data' /]
  <script
      data-safe_id='[app.safe_id /]'
      type="spa/axn"
      axn='form.ajax'
      route_ajax='t/[module.ticket_id /]'
      bind='submit'
      bind_selector='.sample-form'
    ></script>
[/html.trusted]
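
The two rules above (form markup inside [html.trusted], and data-safe_id='[app.safe_id /]' on the form tag, its elements and its scripts) can be checked before a template is published. The lint below is an added example, not Awesome Enterprise code; the function names and the list of tags treated as form elements (form, input, select, textarea, button, script) are assumptions.

```javascript
// Added example (not Awesome Enterprise code): lint a template against the two rules above.
// Assumption: "form elements" = form, input, select, textarea, button; script tags are checked too.
const CHECKED_TAGS = new Set(['form', 'input', 'select', 'textarea', 'button', 'script']);
const SAFE_ID_VALUE = /^\[app\.safe_id\s*\/\]$/;

// Character ranges covered by [html.trusted] ... [/html.trusted] blocks.
function trustedRanges(template) {
  const re = /\[html\.trusted\][\s\S]*?\[\/html\.trusted\]/g;
  return [...template.matchAll(re)].map((m) => [m.index, m.index + m[0].length]);
}

// Returns one finding per checked tag that breaks a rule: { line, tag, problem }.
function lintForms(template) {
  const ranges = trustedRanges(template);
  const findings = [];
  // Opening tags only; quoted attribute values may contain '>' and tags may span lines.
  const tagRe = /<([a-zA-Z][\w-]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
  for (const m of template.matchAll(tagRe)) {
    const tag = m[1].toLowerCase();
    if (!CHECKED_TAGS.has(tag)) continue;
    const line = template.slice(0, m.index).split('\n').length;
    const inTrusted = ranges.some(([start, end]) => m.index >= start && m.index < end);
    if (!inTrusted) {
      findings.push({ line, tag, problem: 'outside [html.trusted]' });
      continue;
    }
    const attr = /(?:^|\s)data-safe_id\s*=\s*(?:"([^"]*)"|'([^']*)')/.exec(m[2]);
    const value = attr ? (attr[1] ?? attr[2]) : null;
    if (value === null) {
      findings.push({ line, tag, problem: 'missing data-safe_id' });
    } else if (!SAFE_ID_VALUE.test(value.trim())) {
      findings.push({ line, tag, problem: 'data-safe_id is not [app.safe_id /]' });
    }
  }
  return findings;
}

// Constructed sample: select and script lack the attribute, one input hardcodes it, one input is stray.
const SAMPLE = `[html.trusted]
<form data-safe_id='[app.safe_id /]' class="sample-form" method="post">
  <input type="text" name="name" data-safe_id='[app.safe_id /]'>
  <select name="city"><option>Pune</option></select>
  <input type="submit" value="Submit" data-safe_id="hardcoded">
</form>
<script type="spa/axn" axn='form.ajax' bind_selector='.sample-form'></script>
[/html.trusted]
<input type="text" name="stray">`;

for (const f of lintForms(SAMPLE)) console.log(`line ${f.line}: <${f.tag}> ${f.problem}`);
```
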

 

Also include the DOMPurify library in your awesome-js app.

A sample can be found on the DesignCafe dev site.
