How does GoRules prevent XSS? #223
Hi,
Hi @justin0108,
XSS is not applicable to GoRules as it is a business rules engine. XSS is applicable for frontend running applications, GoRules runs on the backend. The JavaScript is evaluated inside QuickJS (similar to V8, but smaller) and each evaluation spawns a separate context / isolate. We don't use `eval` or anything similar. Each function runs in its own context and it doesn't "leak".

Hopefully this answers your question, but if you can provide a specific scenario that presents a concern, happy to go through it.
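
The per-evaluation isolation described in the reply above can be illustrated as follows. This is an added example, not GoRules code and not part of the original discussion: it uses Node's built-in `vm` module as a stand-in for QuickJS contexts (an assumption; `vm` is not a security sandbox), and the rule sources, inputs and function names are constructed for illustration.

```javascript
// Added illustration: node:vm stands in for per-evaluation QuickJS contexts.
// node:vm is NOT a security boundary; it only shows the state-isolation property.
const vm = require('node:vm');

// Constructed sample rule sources: the first tries to leave state behind on the
// global object, the second tries to read whatever an earlier evaluation left.
const WRITER = 'globalThis.leaked = input.customerId; input.amount * 2';
const READER = 'typeof globalThis.leaked === "undefined" ? null : globalThis.leaked';

// Copy the input so the script never holds a reference to host objects.
const copy = (value) => JSON.parse(JSON.stringify(value));

// Isolated mode: every evaluation gets a brand-new context (fresh global object).
function evaluateIsolated(source, input) {
  const context = vm.createContext({ input: copy(input) });
  return vm.runInContext(source, context, { timeout: 50 });
}

// Shared mode (the anti-pattern): one long-lived context reused across evaluations.
function makeSharedEvaluator() {
  const context = vm.createContext({});
  return (source, input) => {
    context.input = copy(input);
    return vm.runInContext(source, context, { timeout: 50 });
  };
}

function demo() {
  const a = { customerId: 'tenant-A', amount: 21 }; // constructed input
  const b = { customerId: 'tenant-B', amount: 1 };  // constructed input

  // Fresh context per call: the second evaluation cannot see the first one's global.
  const isolatedWrite = evaluateIsolated(WRITER, a);
  const isolatedRead = evaluateIsolated(READER, b);

  // Reused context: state written while handling tenant A is visible for tenant B.
  const shared = makeSharedEvaluator();
  shared(WRITER, a);
  const sharedRead = shared(READER, b);

  return { isolatedWrite, isolatedRead, sharedRead };
}

console.log(demo());
```
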