
Avoid XSS in Nintex forms - SharePoint 2013

Question asked by neerajbaimbi on May 3, 2017

Version: Nintex forms (V 2.9.4.0) for SharePoint 2013.

A user is able to add JavaScript inside the multiline text box on the Nintex form. Although the value (script) does not get saved to the SharePoint list, the script does get executed on the form.

 

    <script>
    alert("Hello, I can execute JS code in your browser");
    </script>

 

Is there any way to stop or avoid this, like configuring or adding some kind of validation?

 

Appreciate your help!
