DOMPurify Prototype Pollution Vulnerability was shown on a security scan. How do we address this?
@ShajiV93 To find documentation about Pega-documented vulnerability issues, you can refer to the Pega Security Advisories and Security Bulletins available through the Pega Trust Centre.
These resources provide information on known vulnerabilities and recommended actions. For specific vulnerabilities like the DOMPurify Prototype Pollution Vulnerability, it is essential to check if there are any updates or patches available for the affected components. Additionally, ensure that your applications are using the most secure versions of libraries and components, and consider implementing security guidelines to mitigate such vulnerabilities.
Mitigating common security vulnerabilities
DOMPurifier is a security feature introduced in Pega Platform version 8.5 and later to sanitize the Document Object Model (DOM) and prevent security vulnerabilities like Cross-Site Scripting (XSS) attacks. It filters scripts, attributes, and tags that can contain XSS, ensuring that the Rich Text Editor (RTE) operates securely. If DOM sanitization is not relevant for your application needs, you can disable it by adding the setting ‘window.disableDomPurifier = true;’ to the User Work Form.
Rich Text Editor issues caused by DOMPurifier filters for security
If you have any specific concerns which are not documented, please log a support incident via the MSP.
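A way to confirm what the scan is pointing at, as an added example that is not Pega's or DOMPurify's own code: a JavaScript audit helper run against a window-like object (constructed here) that reports the loaded DOMPurify version, compares it with the fixed version named in the relevant advisory (the minimum-version value below is a placeholder), and flags whether window.disableDomPurifier has switched sanitization off. It assumes only that DOMPurify exposes its version as DOMPurify.version, which the library does.

```javascript
// Added audit helper (not Pega's or DOMPurify's code). Given a window-like object it reports:
//  (a) whether DOMPurify is loaded and which version,
//  (b) whether that version is older than the minimum the advisory names (placeholder here),
//  (c) whether window.disableDomPurifier has turned sanitization off for the Rich Text Editor.

function parseVersion(v) {
  // "3.1.6" -> [3, 1, 6]; tolerates a leading "v" and ignores any pre-release suffix
  const m = String(v).trim().replace(/^v/, "").match(/^(\d+)\.(\d+)\.(\d+)/);
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

function compareVersions(a, b) {
  // -1 / 0 / 1 like a comparator; null when either side cannot be parsed
  const pa = parseVersion(a), pb = parseVersion(b);
  if (!pa || !pb) return null;
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

function auditDomPurify(win, minVersion) {
  const findings = [];
  const dp = win.DOMPurify;
  const loaded = !!(dp && typeof dp.sanitize === "function");
  const version = loaded ? dp.version : null;
  let outdated = false;
  if (!loaded) {
    findings.push("DOMPurify is not present on this page");
  } else {
    const cmp = compareVersions(version, minVersion);
    if (cmp === null) findings.push(`cannot parse DOMPurify version "${version}"`);
    else if (cmp < 0) { outdated = true; findings.push(`DOMPurify ${version} is older than ${minVersion}`); }
  }
  // Disabling the sanitizer silences the scan finding but leaves RTE content unfiltered.
  const disabled = win.disableDomPurifier === true;
  if (disabled) findings.push("window.disableDomPurifier is set: RTE content is not sanitized");
  return { loaded, version, outdated, disabled, findings };
}

// Constructed sample: an old library plus the disable flag, the combination most worth catching.
// MIN_VERSION is a placeholder; take the real value from the Pega Security Advisory.
const MIN_VERSION = "3.0.0";
const sampleWindow = { DOMPurify: { version: "2.3.0", sanitize: () => "" }, disableDomPurifier: true };
console.log(auditDomPurify(sampleWindow, MIN_VERSION).findings.join("\n"));
```

In a browser, run auditDomPurify(window, "<version from the advisory>") from the console on the page that the scanner flagged.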