rsharma
New Member

How to prevent attacks such as cross-site scripting or link injection on report comments

Hi,

We have BI reports with a comment feature where users can post any comments. In the security check we noticed that there is no validation on user comments to prevent data validation attacks such as cross-site scripting or link injection. Is there any centralized validation module to prevent such content from being posted?

Regards,

Ravi

2 REPLIES
LizOsbourn
Regular Visitor

Hello - I am concerned about the same - how does MS prevent cross-site scripting threats in the PBI web browser?

Is the browser code (JavaScript/HTML) output encoded so that any bad data masking as code that may possibly be retrieved from a data source would not be able to impact the PBI gateway browser?

Anonymous
Not applicable

Hi Ravi,

I don't see the issue here. How can you create an XSS in the comments?
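
The output encoding and link checking asked about in this thread, as an added example that is not part of any post here and is not Power BI's own code. The function names and the allow-listed host `reports.example.com` are assumptions made for illustration.

```javascript
// Generic comment rendering: encode all user text, linkify only trusted URLs.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Output-encode untrusted text for HTML element and quoted-attribute contexts.
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

const ALLOWED_SCHEMES = new Set(['http:', 'https:']);
const ALLOWED_HOSTS = new Set(['reports.example.com']); // hypothetical trusted host

// Return the normalized URL if the link is allowed, otherwise null.
function safeLink(candidate) {
  let url;
  try {
    url = new URL(candidate);
  } catch {
    return null; // not an absolute URL
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null; // blocks javascript:, data:, ...
  if (!ALLOWED_HOSTS.has(url.hostname)) return null;   // blocks links to other sites
  if (url.username || url.password) return null;       // blocks trusted-name@other-host
  return url.href;
}

// Render one comment as HTML. Every token is encoded; a token becomes a
// clickable link only when safeLink() accepts it.
function renderComment(raw) {
  return String(raw)
    .split(/(\s+)/) // keep the whitespace tokens so spacing is preserved
    .map((token) => {
      const href = safeLink(token);
      if (href === null) return encodeHtml(token);
      return `<a href="${encodeHtml(href)}" rel="noopener noreferrer nofollow">${encodeHtml(token)}</a>`;
    })
    .join('');
}

// Constructed sample comments (not taken from any real report).
const samples = [
  '<script>alert(1)</script>',
  'see https://reports.example.com/q1?a=1&b=2 now',
  '<a href="https://other.example.net">click</a>',
];
for (const s of samples) console.log(renderComment(s));
```

Encoding at render time covers text that reaches the page from any source, including values retrieved from a data source, while the link allow-list keeps untrusted URLs as inert text.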
