How to prevent (Vulnerability) script type data entry in the database

We are using OJS-3.3.0-12 and want to prevent script-type data from entering during registration or public data entry like authors.

Ex. <body background=“javascript:alert(“XSS”)”>, < script src=>< /script >, < script> alert(“XSS”); < /script >


Hi @shantanusingh,

Our policy is not to filter content on entry, but to filter it appropriate to its use when it is displayed or exported. If you see a place where data is not correctly escaped on display or export, please report it following our security guidelines: ojs/ at main · pkp/ojs · GitHub

Alec Smecher
Public Knowledge Project Team

This topic was automatically closed after 10 days. New replies are no longer allowed.