Blocking HTML in Forms (XSS Prevention)

Attackers often inject Javascript and HTML into forms to gain access to admin areas, exfiltrate data from other users, or delete resources on your site.

This rule catches forms that contain HTML and Javascript at the WAF level before they're pushed into your application. This is disabled by default, as you may currently be depending on this in your application.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Last updated on August 25, 2020