Exchange
Go to assets list

Anypoint Best Practices

Ruleset with over 30 best practices for APIs
  • Ruleset
  • Anypoint Platform
  • Updated last year
MuleSoft Organization published 3 years ago
    Latest1.0.3
    Stable

    no-eval-in-markdown

    general > no-eval-in-markdown

    Guidance

    This rule protects against cross-site scripting (XSS) attacks that could happen when you add description
    documents from third parties and use the parsed content rendered in HTML/JS. If one of those third parties
    does something like inject `eval()` JavaScript statements, it could lead to an XSS attack.

    Applies to WebAPI

    Constraint

    Type: Declarative Validation