Published on 08/29/2019
Published by Swapnil k
To prevent XSS attacks of the Forms
Add your forms html in the [html.trusted] shortcode.
add the “data-safe_id='[app.safe_id /]’” attribute to your all form elements scripts and form tag itself.
Sample:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
[html.trusted] <form data-safe_id='[app.safe_id /]' class="sample-form" method="post" novalidate> <div class="form-group"> <div class="label-wrapper"> <label class="field-label">Enter Name</label> </div> <div class="field-wrapper"> <input type="text" name="name" class="form-control" placeholder="Enter Name" data-safe_id='[app.safe_id /]'> <p class="help-block"></p> </div> </div> <div class="form-group"> <div class="label-wrapper"> <label class="field-label"></label> </div> <div class="field-wrapper"> <input type="submit" name="submit" value="Submit" class="submit1" data-safe_id='[app.safe_id /]'> <p class="help-block"></p> </div> </div> </form> [session_ticket.create nonce=yes set=module.ticket_id/] [arr.create set="module.collection"] [post_type]m_samples[/post_type] [/arr.create] [session_ticket.set_activity {module.ticket_id} collection='{module.collection}' module='{module.slug}.save_data' /] <script data-safe_id='[app.safe_id /]' type="spa/axn" axn='form.ajax' route_ajax='t/[module.ticket_id /]' bind='submit' bind_selector='.sample-form' ></script> [/html.trusted] |
Also include the DOMPurify library in your awesome-js app.
sample can be found in DesignCafe dev site.