Prevent JavaScript Injection in the catalog item via browser console

Suresh1
Tera Guru

Hi All,

I have an issue in the catalog item. Users fill in the data using JavaScript injection in the browser console, and because of this we had to do a lot of validations to make sure the user enters correct data.

Scenario: Let's say there are 2 drop-down fields; a user can easily go to the browser console, inject / edit the HTML data there, and submit the data.

Is there any way to prevent JavaScript Injection in the browser?

OR

Is there a way we can prevent users from using inspect element / F12 of the browser or using the browser console?

Thanks,
Suresh

2 REPLIES

Amit Gujarathi
Giga Sage

Hi @Suresh1 ,
I trust you are doing great.

There are a few steps that we can take to prevent this from happening.

Firstly, we can disable the browser's developer tools such as inspect element and console. This can be done by adding a script to the page that detects if the developer tools are open and blocks them from being used. However, it's important to note that this is not a foolproof solution as users can still use other methods to inject JavaScript code.

Secondly, we can add additional validation logic on the server-side to ensure that the data entered by the user is correct. This can be done using server-side scripting such as Business Rules, Script Includes, or server-side API calls to validate the data.

Lastly, we can also use client-side scripting to validate the data entered by the user before it is submitted to the server. This can be done using JavaScript libraries such as jQuery or AngularJS to perform client-side validation.

Here's an example code snippet for server-side validation using Business Rules:

(function executeRule(current, previous /*null when async*/) {

  // Get the values entered by the user
  var field1 = current.getValue('field1');
  var field2 = current.getValue('field2');

  // Perform server-side validation.
  // getValue() returns null for an empty field, and null == '' is false,
  // so test for any empty value instead of comparing with ''.
  if (!field1 || !field2) {
    current.setAbortAction(true);
    gs.addErrorMessage('Please enter valid values for field1 and field2');
  }

})(current, previous);


Was this answer helpful?


Please consider marking it correct or helpful.


Your feedback helps us improve!


Thank you!


Regards,


Amit Gujrathi
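
The server-side check from the answer above, taken one step further as an added example (not part of the original reply and not ServiceNow code): because option lists can be edited in the browser, the server compares each submitted value with the choices the form defines, including the dependency between the two drop-downs. It is plain JavaScript so it runs on its own; the field names, choice values and the `validateSubmission` helper are constructed for illustration.

```javascript
'use strict';

// Constructed schema: two dependent drop-downs. All names and values are illustrative.
const SCHEMA = {
  category: { choices: ['hardware', 'software'] },
  subcategory: {
    dependsOn: 'category',
    choicesBy: new Map([
      ['hardware', ['laptop', 'monitor']],
      ['software', ['license', 'install']],
    ]),
  },
};

// Returns a list of error strings; an empty list means the submission is acceptable.
function validateSubmission(submitted, schema = SCHEMA) {
  const errors = [];

  // Reject fields the form never defined (inputs added through the DOM).
  for (const name of Object.keys(submitted)) {
    if (!Object.prototype.hasOwnProperty.call(schema, name)) {
      errors.push(`${name}: unexpected field`);
    }
  }

  for (const [name, rule] of Object.entries(schema)) {
    const value = submitted[name];
    if (typeof value !== 'string' || value === '') {
      errors.push(`${name}: missing`);
      continue;
    }
    // For a dependent drop-down the allowed set comes from the parent's submitted value.
    const allowed = rule.dependsOn
      ? rule.choicesBy.get(submitted[rule.dependsOn]) || []
      : rule.choices;
    if (!allowed.includes(value)) {
      errors.push(`${name}: not a defined choice`);
    }
  }
  return errors;
}

// Constructed submissions: one as the form renders it, one edited in the console.
const honest = { category: 'hardware', subcategory: 'laptop' };
const tampered = { category: 'hardware', subcategory: 'license', approved: 'true' };
console.log(validateSubmission(honest));
console.log(validateSubmission(tampered));
```

In a Business Rule the same comparison would be applied to the submitted variable values before the record is saved, with the abort and error message calls from the snippet above; where exactly it is wired in is an assumption.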



Hi Amit,

Thanks for the reply. I am already doing the second and third options to validate the data at the client and server end. I have to do all these validations at the catalog item ordering OOB page.

On disabling the browser's developer tools, do you have any sample script which I can use in DOM manipulation? I checked a few scripts from Stack Overflow and other communities, but I couldn't get the exact script.

Thanks,
Suresh