Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Malicious input handli...
Microsoft Dynamics CRM (Archived)

Malicious input handling on lead form

(0) ShareShare
ReportReport
Posted on by VPrashant 675

Hi all,

I have a lead form and I am typing this <script>alert('hello');</script> in FirstName field. It gets saved correctly. And it seems that CRM handles such things and it doesn't execute the script that is written in text field even after Refresh of the form or while saving the form.

But we also have a custom search window (web resource) that takes some parameters to find a specific lead. When this lead is found with some distinguishable parameter, the script executes first and then the lead is opened. 

So my question is how to stop this execution of script that gets loaded when called from any WR. 

Can someone please provide how to handle such malicious inputs in CRM 365?

Thanks,

Prashant

*This post is locked for comments

  • RaviKashyap Profile Picture
    RaviKashyap 55,410 on at
    RE: Malicious input handling on lead form

    Hi,

    I don't think this has anything to do with D365 and is purely based on your custom HTML web resource. I am sure if you run that web resource outside of CRM, you will get the same behaviour. So you need to change your html.

    Can you share our WR details here for other to review/check.

  • Suggested answer
    Dynamics365 Rocker Profile Picture
    Dynamics365 Rocker 7,755 on at
    RE: Malicious input handling on lead form

    In Dynamics 365 for CE, You have to create a web resource and write your script there.

    You can call that web resource on form events, field on change event, grid event and Business process flow events.

    For more details follow below link:

    docs.microsoft.com/.../walkthrough-write-your-first-client-script

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,280 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,214 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans