Protection from spam/XSS attacks in the feedback form


euler

Sep 9, 2024, 2:06:32 AM
to DSpace Technical Support
Dear All,

Lately, one of the repositories I am handling has received a massive number of emails from its feedback form. I wonder how we can mitigate this? It seems that the message was sent even though some of the values in the fields did not pass validation, like in the email address field.

Although I assumed that DSpace is safe from XSS attacks, it is very annoying when your inbox is bombarded by garbage messages.

This particular repository is running version 8.0. Is it possible to apply reCaptcha in the feedback form? I enabled captcha, but this feature was used only for self-registration.

Thanks in advance!
euler

DSpace Technical Support

Sep 9, 2024, 12:08:08 PM
to DSpace Technical Support
Hi Euler,

I can confirm that there should be no way to do an XSS attack via this Feedback Form.  It's also worth noting that Angular itself has strong protection against XSS attacks on any forms in general.

Currently the Captcha feature is specific to the registration form, but there have been requests to make it more generic to allow it to be used elsewhere (e.g. the request a copy form as well).

So, I'd recommend creating a ticket about adding it also to the Feedback form (as I don't see a ticket of that type yet).  It seems like that would be another good place to add this feature.

Tim
