Hi Euler, I can confirm that there should be no way to do an XSS attack via this Feedback Form. It's also worth noting that Angular itself has strong protection against XSS attacks on any forms in general.
Currently the Captcha feature is specific to the registration form, but there have been requests to make it more generic to allow it to be used elsewhere (e.g. the request a copy form <https://github.com/DSpace/DSpace/issues/8976> as well). So, I'd recommend creating a ticket about adding it also to the Feedback form (as I don't see a ticket of that type yet). It seems like that would be another good place to add this feature. Tim On Monday, September 9, 2024 at 1:06:32 AM UTC-5 euler wrote: > Dear All, > > Lately, one of the repository I am handling received massive emails from > its feedback form. I wonder how we can mitigate this? It seems that the > message was sent even though some of the values in the field did not pass > validation, like in the email address field. > > Although I assumed that DSpace is safe from XSS attacks, it is very > annoying when your inbox is bombarded by garbage messages. > > This particular repository is running version 8.0. Is it possible to apply > reCaptcha in the feedback form? I enabled captcha, but this feature was > used only for self-registration. > > [image: spam1.PNG] > [image: spam2.PNG] > [image: spam3.PNG] > Thanks in advance! > euler > -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/c260cbca-9880-4460-bb97-fb4281d2d310n%40googlegroups.com.
