THE INFORMATION IN THIS ARTICLE APPLIES TO:
What sort of DOM XSS (client XSS) mitigation techniques does EFT use?
Document Object Model (DOM)-based Cross-Site Scripting (XSS) is a client-side (browser-side) injection issue in which the attack is injected into the application at runtime, directly in the client (browser).
To mitigate DOM XSS, EFT follows these guidelines:
- Use safe methods when dynamically rendering HTML: EFT’s web client uses methods and practices recommended by OWASP for creating dynamic interfaces.
- Use caution when dealing with methods that implicitly eval() data and with eval() itself: EFT’s web client uses OWASP-approved methods of parsing JSON payloads.
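The two guidelines above, illustrated with an added JavaScript example that is not EFT's own code: a JSON payload is parsed with `JSON.parse` instead of `eval()`, and its values reach the page only through `createElement` and `textContent`. The function names `parseListing` and `renderListing`, the `files`/`name`/`size` payload shape, and the sample response are assumptions made for illustration.

```javascript
// Added example, not EFT code. Constructed sample payload: one entry whose
// name contains markup, to show it is handled as text.
const SAMPLE_RESPONSE =
  '{"files":[{"name":"report<script>alert(1)</script>.txt","size":120}]}';

// Guideline 2: parse JSON with JSON.parse, never eval() or new Function().
// Unsafe form for contrast:  const data = eval("(" + jsonText + ")");
function parseListing(jsonText) {
  let data;
  try {
    data = JSON.parse(jsonText);
  } catch (err) {
    return []; // not valid JSON (for example script text): reject, never run
  }
  if (!data || !Array.isArray(data.files)) return [];
  // Keep only entries with the expected types and copy only known fields.
  return data.files
    .filter((f) => f && typeof f.name === "string" && Number.isFinite(f.size))
    .map((f) => ({ name: f.name, size: f.size }));
}

// Guideline 1: build nodes with createElement and assign values through
// textContent, so the browser never parses payload strings as HTML.
// Unsafe form for contrast:  container.innerHTML += "<li>" + f.name + "</li>";
// `doc` is the page's `document`; it is a parameter so the function can be
// exercised outside a browser.
function renderListing(doc, container, files) {
  for (const file of files) {
    const row = doc.createElement("li");
    const name = doc.createElement("span");
    name.textContent = file.name; // inserted as a text node, not markup
    const size = doc.createElement("span");
    size.textContent = `${file.size} bytes`;
    row.appendChild(name);
    row.appendChild(size);
    container.appendChild(row);
  }
  return container;
}
```

In a browser this would be called as `renderListing(document, listElement, parseListing(responseText))`, where `listElement` is an existing `<ul>`.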