Cross-Site Scripting (XSS)
Audience
This guide targets ADITO customizing developers, especially in enterprise environments, as well as architects and security stakeholders responsible for web services, email processing, and external data integration beyond core platform components.
Context
The ADITO low-code platform standardizes input and output through predefined GUI components. These components include built-in safeguards against Cross-Site Scripting (XSS) vulnerabilities.
However, security risks remain in areas that fall under the responsibility of customizing or system integration:
- Incoming data from web services
- Content from external databases or file imports
- Email processing (including HTML messages)
- Dynamic HTML or JavaScript generation
- External ui libraries
What is XSS?
Cross-Site Scripting (XSS) is a class of vulnerabilities where attackers inject malicious JavaScript into a trusted application. Common goals include:
- Account takeover through session hijacking
- Manipulation of the browser DOM
- Redirecting users to malicious pages
- Exfiltration of user data or permissions abuse
Responsibility Model in the ADITO Context
| Area | Protected by Platform | Developer Responsibility |
|---|---|---|
| Field display in GUI | ✅ Auto-escaping by components | ❌ No additional logic needed |
| User input via GUI | ✅ Validation and encoding | ❌ No manual checks required |
| Web service integration | ❌ Not protected | ✅ Validate unless source is trusted and already sanitized |
| DB access | ❌ Not protected | ✅ Validate unless source is trusted and already sanitized |
| Email handling | ❌ Depends on infrastructure | ✅ HTML sanitizing & whitelisting |
| Dynamic HTML / JavaScript usage | ❌ Not protected | ✅ Safe templates & sanitizing |
| External ui libraries | ❌ Not protected | ✅ Safe libraries & sanitizing |
Best Practices for Customizing
Principle: Never Trust Input
Treat all external or dynamic content as untrusted. Always validate and sanitize before storage or display.
Validate Incoming Data
- Enforce value ranges and formats
- Apply whitelisting of allowed content
- Restrict or reject raw HTML whenever possible
Validation can be skipped only if the data source is fully controlled, trusted, and already validated or sanitized upstream. Avoid redundant validations, but never assume trust by default.
Sanitize Content
Applies to all data originating from untrusted sources, including web services, emails, and external integrations.
Allow only explicitly required HTML tags. Reject or strip unsafe elements such as <script>, <iframe>, <style>, and inline event handlers.
Since ADITO 2025.1.1, built-in sanitizing functions are available:
Use text.sanitize() and text.sanitizeRichText().
Infrastructure Recommendations
Infrastructure can assist XSS protection in enterprise environments:
- Mail gateways with HTML filtering
- Reverse proxies or WAF with XSS pattern detection
- Logging and alerting on suspicious input payloads
Conclusion
XSS protection is mostly built into the ADITO low-code platform but is not automatic in all cases. Customizing developers remain responsible whenever external data is involved.