We recently had our website security tested and one of the issues was that it was vulnerable to XSS attacks. I did some reading on the web about this and came across the package XSSFilter as part of the CQ installation. Can anyone give some more information on how I should use this package?
Also, is standard XSS filtering not automatically applied in CQ? I read the following paragraph about it on Day's website and I find it a bit dubious:
"CQ applies the principle of filtering all user-supplied content upon output. Preventing XSS is given the highest priority during both development and testing."
If this isn't applied by default can we expect this to come out in a later release of CQ?
Many thanks!
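Added example, not part of the original question and not CQ's own sample code: what "filtering user-supplied content upon output" looks like in a component JSP, using the XSSAPI OSGi service (com.adobe.granite.xss), which is assumed to be available in the installation; the `query` parameter and the `link`/`text` property names are made up for illustration.

```jsp
<%@ include file="/libs/foundation/global.jsp" %>
<%@ page import="com.adobe.granite.xss.XSSAPI" %>
<%
    // Added example, not from the original post. Assumes the XSSAPI service
    // is registered; "query", "link" and "text" are made-up names.
    XSSAPI xssAPI = sling.getService(XSSAPI.class);

    String query = request.getParameter("query");
    if (query == null) {
        query = "";
    }
    // Writing query into the page with a bare JSP expression is the
    // vulnerable form: any markup in the parameter is rendered as-is.

    // Each output location needs the encoder for its own context; one
    // generic "escape" is not enough.
    String inHtml = xssAPI.encodeForHTML(query);       // element content
    String inAttr = xssAPI.encodeForHTMLAttr(query);   // quoted attribute value
    String inJs   = xssAPI.encodeForJSString(query);   // JavaScript string literal

    // Stored content is not trusted either. A URL is validated rather than
    // encoded, because a javascript: scheme survives HTML encoding intact.
    String href = xssAPI.getValidHref(properties.get("link", ""));

    // Author-supplied rich text is filtered against the XSSFilter policy
    // (the service's AntiSamy rule set) so only allowed tags remain.
    String richText = xssAPI.filterHTML(properties.get("text", ""));
%>
<p>You searched for: <%= inHtml %></p>
<input type="text" name="query" value="<%= inAttr %>" />
<a href="<%= href %>">link</a>
<div><%= richText %></div>
<script>
    var lastQuery = "<%= inJs %>";
</script>
```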