You would like to know what measures can be taken to prevent XSS (Cross-Site Scripting) attacks for a custom plugin.
Custom-developed plugins are out of scope for the Jive Support team. You will need to reach out to the Professional Services team for further information on this topic. Kindly reach out to your Account Executive for more information on a Professional Services engagement.
In the interim, you can find further instructions from the security team. Please note that the recommendations below are only for hardening the environment and making it more difficult for XSS attacks to be effective. Performing these alone will not ensure complete protection from XSS attacks.
In the Jive system properties, you can modify default values:
You will need to apply the following changes to the tile addon files:
The changes to be made are:
Please note that we follow OWASP security best practices. You can find more information below: