Enabling Vulnerability Mitigation

Use this procedure to provide an additional layer of protection against cross-site scripting (XSS) attacks. This procedure will help protect against XSS attacks that use various scripting tags in data or that use SQL statements in data.

The configuration of the vulnerability mitigation is controlled by the xssvalidator.properties file. The following options are currently supported:

Option: xssvalidation.isenabled=
Description: Set to true to enable vulnerability mitigation for XSS attacks. Set to false to disable vulnerability mitigation for XSS attacks.

Option: validators=
Description: Enter a list of comma-separated values. Valid values are:

ScriptTag: Enables detection of XSS attacks by checking for various scripting tags in data.

SQLInjection: Enables detection of SQL statements (or parts of them) in data.
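The following added example (not part of the product or its documentation) audits the text of an xssvalidator.properties file against the two options described above and reports anything that leaves a validator inactive. It assumes values are matched exactly as written on this page, including case, and uses a minimal key=value parser; the function names and sample files are constructed for illustration.

```python
# Added example: audit xssvalidator.properties content against the documented options.
KNOWN_VALIDATORS = {"ScriptTag", "SQLInjection"}  # the two values the page lists

def parse_properties(text):
    """Minimal key=value parser: skips blanks and #/! comments; last duplicate wins."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return a list of findings; an empty list means both validators are configured."""
    props = parse_properties(text)
    findings = []
    enabled = props.get("xssvalidation.isenabled")
    if enabled is None:
        findings.append("xssvalidation.isenabled is not set")
    elif enabled != "true":  # assumption: only the literal 'true' counts as enabled
        findings.append(f"xssvalidation.isenabled={enabled!r}: expected true")
    listed = [v.strip() for v in props.get("validators", "").split(",") if v.strip()]
    for value in listed:
        if value not in KNOWN_VALIDATORS:  # e.g. a misspelled or wrongly cased name
            findings.append(f"validators: unrecognised value {value!r}")
    for missing in sorted(KNOWN_VALIDATORS - set(listed)):
        findings.append(f"validators: {missing} is not listed")
    return findings

# Constructed sample files (not taken from a real installation).
WEAK = """# constructed sample
xssvalidation.isenabled=false
validators=ScriptTag, SqlInjection
"""
HARDENED = """xssvalidation.isenabled=true
validators=ScriptTag,SQLInjection
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "OK")
```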