Malicious JavaScript

What It Means

This request attempted to insert malicious JavaScript into your application.

Why It Matters

Malicious JavaScript injection is closely related to cross-site scripting but specifically targets JavaScript code insertion. If successful, the injected code can execute in your users’ browsers to steal credentials, redirect visitors to malicious sites, or modify page content.

Common Triggers

Requests containing JavaScript code fragments, encoded script tags, or JavaScript event handlers in form fields, URL parameters, or HTTP headers.

What To Do

These blocks protect your users. If legitimate content that includes JavaScript code is being blocked (such as a code editor or developer tool), use Path Allowlisting to exempt that specific endpoint.