TsgcWebSocketFirewall › Properties › XSS
Scans inbound messages for cross-site scripting patterns and denies, allows or logs them according to Action.
property XSS: TsgcFirewallXSS read FXSS write SetXSS;
—
Set XSS.Enabled to True to run the built-in case-insensitive scanner, which looks for <script, javascript:, event handlers (onerror=, onload=, onclick=, onmouseover=), eval(, document.cookie, <iframe, <object, <embed, <svg onload and CSS expression(. Action controls the response: faDeny rejects the message, faAllow forwards it and faLog only fires OnViolation with type fvXSS. Matches contribute to ThreatScore through WeightXSS. Default: Action=faDeny.
sgcWebSocketFirewall1.XSS.Enabled := True;
sgcWebSocketFirewall1.XSS.Action := faDeny;
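
The following console program is an added example, not sgcWebSockets code: it models a case-insensitive scan over the patterns listed above so you can check your own message samples for false positives before leaving Action at faDeny. Plain substring matching, the FirstXssPattern helper and the sample messages are assumptions made for this illustration; the component's internal matching may differ.

```delphi
program XssPatternPrecheck;
{$APPTYPE CONSOLE}

uses
  System.SysUtils, System.StrUtils;

const
  // Patterns copied from the property description above.
  Patterns: array[0..12] of string = (
    '<script', 'javascript:', 'onerror=', 'onload=', 'onclick=',
    'onmouseover=', 'eval(', 'document.cookie', '<iframe', '<object',
    '<embed', '<svg onload', 'expression(');

  // Constructed sample messages (not captured traffic).
  Samples: array[0..4] of string = (
    '{"type":"chat","text":"hello everyone"}',
    '{"type":"chat","text":"<SCRIPT>alert(1)</SCRIPT>"}',
    '{"type":"review","text":"please avoid eval(input) in this module"}',
    '{"type":"ticket","text":"our page reads document.cookie on login"}',
    '{"type":"doc","html":"<img src=x ONERROR=alert(1)>"}');

// Hypothetical helper: returns the first listed pattern found in AMessage,
// ignoring case, or '' when nothing matches.
function FirstXssPattern(const AMessage: string): string;
var
  P: string;
begin
  Result := '';
  for P in Patterns do
    if ContainsText(AMessage, P) then
      Exit(P);
end;

var
  Msg, Hit: string;
  Flagged: Integer;
begin
  Flagged := 0;
  for Msg in Samples do
  begin
    Hit := FirstXssPattern(Msg);
    if Hit <> '' then
      Inc(Flagged);
    // Empty brackets mean the message matched no pattern.
    Writeln(Format('[%s] %s', [Hit, Msg]));
  end;
  Writeln(Format('%d of %d samples match an XSS pattern', [Flagged, Length(Samples)]));
end.
```

The review and ticket samples are legitimate text that still matches a pattern; if your clients can send messages like these, run the rule with Action set to faLog and review the OnViolation events before switching to faDeny.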