XFS/XSS

How to handle the https://owasp.org/www-community/attacks/Cross_Frame_Scripting vulnerability for the iframe tag that is generated by the Visual Embed SDK?
ashish, 16mo ago
We have the capability to specify content security policies within the "security settings" page on the Develop tab. If you specify the specific values there, you are protected from XFS/XSS.
Sathish (OP), 16mo ago
These are the configurations I have added in the TS cloud portal. Please check the screenshot and let me know if anything is missing. This is my embed application URL: https://insights-ts-dev.hpcloud.hp.com/
ashish, 16mo ago
Yes, these look good. Now no site other than the ones mentioned can embed a TS iframe and show it to a user.
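
To verify an allowlist like the one discussed in this thread, the following added example (not part of the thread and not ThoughtSpot code) evaluates a `Content-Security-Policy` header against a candidate embedding page. It assumes the allowlist reaches the browser as a CSP `frame-ancestors` directive; the policy string, host names and function names are constructed for illustration.

```javascript
// Added example: simplified CSP frame-ancestors check for one embedding page.
// Simplifications: single policy, no path matching, schemeless sources = https.
const SAMPLE_CSP = // constructed policy, hypothetical hosts
  "default-src 'self'; frame-ancestors 'self' https://portal.example.com https://*.apps.example.com";

function frameAncestors(csp) {
  for (const part of csp.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null; // directive absent: this policy does not restrict framing
}

const defaultPort = (protocol) => (protocol === "https:" ? "443" : "80");

function sourceMatches(source, embedder, self) {
  const src = source.toLowerCase();
  if (src === "'self'") return embedder.origin === self.origin;
  if (src === "*") return /^https?:$/.test(embedder.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return embedder.protocol === src; // scheme-source
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:\/*]+)(?::(\d+|\*))?$/.exec(src);
  if (!m) return false; // unparseable source expressions match nothing
  const [, scheme = "https", wildcard, host, port] = m;
  if (embedder.protocol !== scheme + ":") return false;
  const hostOk = wildcard
    ? embedder.hostname.endsWith("." + host) // "*.example.com" excludes the apex
    : embedder.hostname === host;
  // URL.port is "" on the default port, so normalise both sides before comparing.
  const embedderPort = embedder.port || defaultPort(embedder.protocol);
  const portOk = port === "*" || embedderPort === (port ?? defaultPort(scheme + ":"));
  return hostOk && portOk;
}

// True if a page at embedderUrl may frame a response from selfUrl carrying `csp`.
function mayBeFramedBy(csp, embedderUrl, selfUrl) {
  const sources = frameAncestors(csp);
  if (sources === null) return true;
  const embedder = new URL(embedderUrl);
  const self = new URL(selfUrl);
  // 'none' or an empty list matches nothing, so some() returns false.
  return sources.some((s) => sourceMatches(s, embedder, self));
}
```

A browser applies this check to every ancestor in the frame chain, so for nested embeds run it once per ancestor page. A `null` result from `frameAncestors` means the response carries no framing restriction in its CSP at all.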
