With RStudio Connect as the publishing platform with R 3.3.3, are there any anti-XSS packages to consider for use with R v3.3.3? Are there other potential solutions to the jQuery/XSS vulnerability?
Generally speaking, it's best not to discuss potential security vulnerabilities on open forums (especially with specific versions / product references) (reason being that bad actors can use information like that to cause trouble).
If you think you have found a vulnerability in RStudio Connect, I would point you to our security disclosure recommendations: Product Security - RStudio
If you are wondering how to make sure your particular RStudio Connect installation is not vulnerable to security threats, I would recommend reading the relevant section of our admin guide:
https://docs.rstudio.com/connect/admin/security-and-auditing/#custom-headers
And potentially reaching out to your Customer Success representative or our support team (support@rstudio.com).
All of that said, RStudio Connect handles the browser's connection to an R process (through a Shiny app / etc.), so I would expect most XSS protection to go into and be configured within Connect. However, I know that Shiny loads jQuery, so I would recommend using a recent version of Shiny / etc. (dev Shiny currently purports to work with R >= 3.0.2, so you should have some success there, although dependencies might vary - shiny/DESCRIPTION at 5c4175cd5fbeca303f80e81701c7ae585e69bd74 · rstudio/shiny · GitHub).
Similarly, I would recommend upgrading to a recent version of RStudio Connect, since we often address bugs, fix security vulnerabilities, and add features in each release. News for our releases is here: RStudio Connect: News