Preventing cross site scripting in Kentico

Kentico Basics asked on October 23, 2018 20:43

What are the out-of-the-box ways in Kentico 10 to prevent cross-site scripting attacks? Preferably a non-code solution like a page directive, web.config keys or client-side scripts in the master page.

Recent Answers

Peter Mogilnitski answered on October 23, 2018 22:18

It is in the documentation :) In terms of web.config you can do

<system.web>
    <!-- HttpOnly stops page scripts from reading cookies; requireSSL sends them only over HTTPS -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
</system.web>

It is also a good practice not to let anyone read cookies, as cookies are usually the main target of XSS attackers.

0 votes

Juraj Komlosi answered on October 24, 2018 17:54

Hi,

To prevent cross-site scripting attacks on your website we strongly recommend using the out-of-the-box web parts, which are XSS safe. If you need to write your own web parts, layouts, transformations etc., I would recommend checking our documentation mentioned by Peter Mogilnitski or our blog post about XSS protection.

Creating a general rule for how to protect against XSS is quite hard because it depends on the context (HTML, JavaScript, etc.) in which the data is rendered. Our guidelines should help you to create a secure website.

Best regards,

Juraj

0 votes
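Juraj's point that the right XSS protection depends on the rendering context is easiest to see with one untrusted value pushed through several contexts. The following is an added example written for this page; it is not code from the thread or from Kentico, and the encoder and function names are my own. It runs under plain Node.js with no dependencies and uses a constructed attacker-style input.

```javascript
// Added example (not from this forum thread or from Kentico): the same
// untrusted value rendered into four contexts, each with its own encoder,
// to show why XSS protection is context-dependent. Plain Node.js.

// Constructed attacker-style input, as it might arrive from a form field.
const UNTRUSTED = '<img src=x onerror="alert(1)">\'; alert(2); //';

// The unsafe baseline: raw concatenation into HTML, which is what a
// hand-written transformation does if it forgets to encode.
function renderUnencoded(value) {
  return `<p>${value}</p>`;
}

// HTML body context: the five characters an HTML parser treats specially.
function encodeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// HTML attribute context: every non-alphanumeric character becomes a numeric
// entity, so the value stays inert even if the attribute is left unquoted.
function encodeHtmlAttribute(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) => `&#${c.charCodeAt(0)};`);
}

// JavaScript string-literal context: \uXXXX escapes for everything except
// alphanumerics and spaces, so the value can neither close the quote nor
// emit "</script>". HTML entities would NOT help here, because the browser
// does not decode entities inside a <script> block.
function encodeJsString(s) {
  return String(s).replace(/[^A-Za-z0-9 ]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// URL query-parameter context.
function encodeUrlParam(s) {
  return encodeURIComponent(String(s));
}

// Render the value into each context with the matching encoder.
function render(value) {
  return {
    body: `<p>${encodeHtml(value)}</p>`,
    attr: `<input value="${encodeHtmlAttribute(value)}">`,
    script: `<script>var name = "${encodeJsString(value)}";</script>`,
    url: `<a href="/search?q=${encodeUrlParam(value)}">search</a>`,
  };
}

// Structural check for the JS-string context: after stripping the \uXXXX
// escapes, nothing but alphanumerics and spaces may remain.
function jsValueInert(encoded) {
  return /^[A-Za-z0-9 ]*$/.test(encoded.replace(/\\u[0-9a-fA-F]{4}/g, ''));
}

console.log(renderUnencoded(UNTRUSTED)); // the markup is live
console.log(render(UNTRUSTED));          // every context neutralised
```

On the .NET side, the same four contexts map onto System.Web's HttpUtility.HtmlEncode, HttpUtility.HtmlAttributeEncode, HttpUtility.JavaScriptStringEncode and HttpUtility.UrlEncode; the lesson is the same: pick the encoder for the context the value lands in, never a single "escape everything" call.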
