README.txt in XSS Protection 7

INTRODUCTION
------------
XSS Protection

This is a simple and very useful module to protect your site from XSS attacks.

How does it work?

Many XSS attacks happen because script tags are placed in the URL, and to execute them hackers use '<' and '>' to enclose the tags. We did some extensive testing on a few of our production sites using some renowned XSS scanners, and it was difficult to plug them all. This simple fix plugged all attacks, and it has been months since we have seen any XSS alert on any of them.

This module is not a replacement for check_plain, which is intended to be used wherever possible in open Drupal forms; it is a generic URL filter that keeps hackers from exploiting URLs. So, we are trying to sanitize suspicious cross-site GET requests here.

It blocks attacks by identifying patterns in the URLs such as '<', '>', '%3E' and '%3C', and hence prevents XSS injection.
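
The URL check described above, sketched in PHP as an added example (not the module's own code; the function names and sample URLs are constructed for illustration). It goes beyond the four literal patterns by decoding the URI a bounded number of times, which is an assumption of this example, and it shows check_plain-style output encoding next to the filter because the filter does not replace it.

```php
<?php
// Added example; function names are hypothetical, not the module's API.

// TRUE when the URI carries '<' or '>' literally or percent-encoded.
function example_uri_has_angle_brackets($request_uri) {
  $decoded = $request_uri;
  // rawurldecode() accepts '%3C' and '%3c' alike. Decoding a bounded
  // number of times also catches re-encoded forms such as '%253C'.
  for ($i = 0; $i < 3; $i++) {
    if (strpbrk($decoded, '<>') !== FALSE) {
      return TRUE;
    }
    $next = rawurldecode($decoded);
    if ($next === $decoded) {
      return FALSE;
    }
    $decoded = $next;
  }
  return strpbrk($decoded, '<>') !== FALSE;
}

// Output encoding with the same htmlspecialchars() call that Drupal 7's
// check_plain() makes. Values the URL filter lets through still need it.
function example_encode_for_html($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed request URIs, as they would appear in $_SERVER['REQUEST_URI'].
$samples = array(
  '/node/12?page=2',
  '/search?keys=%3Cb%3Ehello',
  '/search?keys=%3cb%3ehello',
  '/search?keys=%253Cb%253Ehello',
  '/search?keys=a+%22quoted%22+term',
);

foreach ($samples as $uri) {
  $blocked = example_uri_has_angle_brackets($uri);
  parse_str((string) parse_url($uri, PHP_URL_QUERY), $query);
  $keys = isset($query['keys']) ? $query['keys'] : '';
  printf("%-36s blocked=%-3s encoded=%s\n",
    $uri, $blocked ? 'yes' : 'no', example_encode_for_html($keys));
}
```

The last sample contains no angle brackets, so the URL filter passes it; the quotes in its value are only neutralized by the output encoding step.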

REQUIREMENTS
------------


INSTALLATION
------------

  * Download this module to sites/all/modules/contrib

CONFIGURATION
-------------

  * Enable it: /admin/modules
  * Enable XSS Protection: /admin/config/system/xssprotection/settings
  * Optional: Write custom message to display to user on page

Make sure that, for all the default URLs in your Drupal site, you are replacing '<', '>', '%3E' and '%3C' with the standard '-' using the Pathauto module.

MAINTAINERS
-----------

Current maintainers:
 * Nilesh Chhatbar - https://www.drupal.org/user/2788025
