Cross-site scripting filters

Cross-site scripting (XSS) filters are defined in the TRIRIGAWEB.properties file with the EXCLUDE_CHARACTERS and ALLOWED_CHARACTERS properties. By default, typical XSS characters are filtered.

XSS filters are applied in the following cases: (1) the user name and password input fields in the sign-in page, (2) the input fields in the IBM TRIRIGA Application Platform builder tools, and (3) the published name input fields in forms.

XSS filter properties and their descriptions:

EXCLUDE_CHARACTERS: This property contains a list of characters or strings to exclude from fields, which are separated by spaces. For example: < > & {

ALLOWED_CHARACTERS: This property contains a list of characters or strings to allow in fields, which are separated by spaces. Regular expression characters must be escaped with a double backslash (\\). For example, ? must be specified as \\?. To allow the following four characters ? & ( ), specify \\? & \\( \\)
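
The escaping rule for ALLOWED_CHARACTERS can be checked before a value is deployed. The following lint is an added example, not IBM code: it assumes the value is loaded with Java .properties escaping (a doubled backslash becomes one) and that each entry is then used as a regular expression. Python's re module stands in for the Java regex engine, and the function names are hypothetical.

```python
import re

# Assumptions (not from the TRIRIGA documentation): .properties loading turns
# "backslash + char" into "char", and each loaded entry is used as a regex.
REGEX_META = set(".^$*+?()[]{}|")

def unescape_properties(raw):
    """Simplified .properties unescape: a backslash followed by a char -> that char."""
    return re.sub(r"\\(.)", lambda m: m.group(1), raw)

def unescaped_meta(pattern):
    """Return the regex metacharacters in pattern that no backslash protects."""
    found, i = [], 0
    while i < len(pattern):
        if pattern[i] == "\\":
            i += 2  # skip the backslash and the character it escapes
            continue
        if pattern[i] in REGEX_META:
            found.append(pattern[i])
        i += 1
    return found

def lint_allowed_characters(raw_value):
    """Return [(entry_as_written, problem_or_None)] for each space-separated entry."""
    results = []
    for entry in raw_value.split():
        loaded = unescape_properties(entry)
        problem = None
        try:
            re.compile(loaded)
        except re.error as exc:
            problem = f"loads as {loaded!r}, not a valid regex: {exc}"
        else:
            meta = unescaped_meta(loaded)
            if meta:
                problem = f"loads as {loaded!r}, unescaped {''.join(meta)}"
        results.append((entry, problem))
    return results

if __name__ == "__main__":
    # The first value is the example given above; the second is constructed.
    for value in (r"\\? & \\( \\)", r"\? ( . &"):
        print(value, "->", lint_allowed_characters(value))
```

An entry written with a single backslash, such as \?, is reported because it loads as a bare ?, and an entry such as . is reported because it compiles but matches any character.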