When developing dynamic web pages in LabKey Server, you should be careful not to introduce unintentional security problems that might allow malicious users to gain unauthorized access to data or functionality.
This topic contains some examples and best practice advice.
Common Security Risks
The following booklet provides a quick overview of the ten most critical web application security risks that developers commonly introduce: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
To HTML-encode text, use the following function in the Ext library, which is always available to you in a LabKey wiki page or view:
var myValue = ...value from input control...
var myValueEncoded = Ext.util.Format.htmlEncode(myValue);
// ... save myValueEncoded to the database, or redisplay it as follows:
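The following is an added example (not from the LabKey documentation or the Ext library) that shows the difference between concatenating a raw input value into markup and encoding it first. Because Ext is not loaded outside a LabKey page, it uses a small stand-in for Ext.util.Format.htmlEncode; the Ext 3 version replaces &, <, > and ", and this stand-in additionally replaces the apostrophe so the result is also safe inside single-quoted attributes. The sample input and the render functions are constructed for illustration.

```javascript
// Stand-in for Ext.util.Format.htmlEncode (assumption: same behaviour for
// & < > and "; the apostrophe is encoded as well).
function htmlEncode(value) {
  if (value === null || value === undefined) return "";
  return String(value)
    .replace(/&/g, "&amp;")   // first, so the entities added below are not re-encoded
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// UNSAFE pattern: the input value is pasted straight into markup. Any tag
// inside the value becomes live HTML once this string reaches innerHTML.
function renderUnsafe(label) {
  return "<span title=\"" + label + "\">" + label + "</span>";
}

// SAFE pattern: encode at the point where the value is written into markup,
// for both the attribute and the element body.
function renderSafe(label) {
  var encoded = htmlEncode(label);
  return "<span title=\"" + encoded + "\">" + encoded + "</span>";
}

// Constructed sample input, as a user might type it into a wiki form field.
var SAMPLE_INPUT = "<b>Smith</b> & \"Jones\" 'Lab'";

// Cheap pre-render check: an encoded value contains none of the characters
// a browser would interpret as tag or attribute delimiters.
function containsRawMarkup(s) {
  return /[<>"']/.test(s);
}

// In a browser the encoded fragment displays the input as literal text:
if (typeof document !== "undefined") {
  var div = document.createElement("div");
  div.innerHTML = renderSafe(SAMPLE_INPUT);
  // div.textContent is now identical to SAMPLE_INPUT; no <b> element was created.
}
```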
For more details on the Ext.util.Format class, see the Ext API documentation at the following link: http://www.extjs.com/deploy/dev/docs/?class=Ext.util.Format
For more information on web development and security risks, see the following site: http://www.owasp.org/index.php/Main_Page