
This project is not covered by Drupal’s security advisory policy.

Vulnerability Blocker

This is a simple but very powerful module that we have used with success on some of our production sites.

How does it work?

Many XSS attacks happen because script tags are placed in the URL, and to execute them hackers use '<' and '>' to enclose the tags. We did some extensive testing on a few of our production sites using some renowned XSS scanners, and it was difficult to plug them all. This simple fix plugged all attacks, and it has been months since we have seen any XSS alert on any of them.

This module is not a replacement for check_plain, which is intended to be used wherever possible in open Drupal forms, but a generic URL filter to keep hackers from exploiting URLs. So, we are trying to sanitize suspicious cross-site GET requests here.

It blocks vulnerability attacks by identifying patterns in the URLs like '<', '>', '%3E' and '%3C' and hence prevents XSS vulnerability injection.
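The URL check described above, written out as an added example (not the module's own code, which this page does not show); the function names `vb_example_normalize` and `vb_example_is_suspicious` and the sample URIs are constructed for illustration. It goes one step beyond the four listed patterns by decoding the request URI before matching, so lowercase and nested percent-encodings are treated the same way.

```php
<?php
// Added example: hypothetical helper names, not the module's code.

/**
 * Percent-decode repeatedly until the string stops changing (bounded),
 * so "%3C", "%3c" and nested encodings such as "%253C" all reduce to "<".
 */
function vb_example_normalize(string $raw, int $max_rounds = 5): string {
  $current = $raw;
  for ($i = 0; $i < $max_rounds; $i++) {
    $decoded = rawurldecode($current);
    if ($decoded === $current) {
      break;
    }
    $current = $decoded;
  }
  return $current;
}

/**
 * TRUE when the normalized request URI contains '<' or '>'.
 */
function vb_example_is_suspicious(string $request_uri): bool {
  return strpbrk(vb_example_normalize($request_uri), '<>') !== FALSE;
}

// Constructed sample request URIs (path plus query string).
$samples = [
  '/node/12?page=2',
  '/search/node/a%20b',
  '/search/node/%3Cb%3E',
  '/search/node/%3cb%3e',
  '/search/node/%253Cb%253E',
  '/search/node/<b>',
];

foreach ($samples as $uri) {
  $verdict = vb_example_is_suspicious($uri) ? 'block' : 'allow';
  printf("%-28s %s\n", $uri, $verdict);
}
```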

Usage:

1. Download this module to sites/default/modules
2. Enable it from admin/settings/performance

Make sure that, for all the default URLs in your Drupal site, you are replacing '<', '>', '%3E' and '%3C' with the standard '-' using the Pathauto module.

Caution: This module is experimental and feedback from the community is highly solicited. Send feedback to drupal@ebizontek.com.
