Cross-site scripting filters
Cross-site scripting (XSS) filters are defined in the TRIRIGAWEB.properties file with the EXCLUDE_CHARACTERS and ALLOWED_CHARACTERS properties. By default, typical XSS characters are filtered.
XSS filters are applied in the following cases: (1) the user name and password input fields in the sign-in page, (2) the input fields in the IBM® TRIRIGA® Application Platform builder tools, and (3) the published name input fields in forms.
| XSS filter properties | Description |
|---|---|
| EXCLUDE_CHARACTERS | This property contains a list of characters or strings to exclude from fields, which are separated by spaces. For example: < > & { |
| ALLOWED_CHARACTERS | This property contains a list of characters or strings to allow in fields, which are separated by spaces. Regular expression characters must be escaped with a double backslash (\\). For example, ? must be specified as \\?. To allow the following four characters ? & ( ), specify \\? & \\( \\) |