Custom HTML for Banners

Hello friends,

Appreciate your thoughts on this, mainly from a security perspective. We were exploring custom HTML Banners in Braze. In this case, the SDK would render both the content payload and the HTML to the website DOM and the browser would execute the code.

We were conscious that anyone could accidently insert malicious content into the HTML, resulting in PII sharing, stolen cookie tokens etc. Currently we can set allowUserSuppliedJavascript to 'true' to accept custom JS

Has anyone implemented guardrails within your teams/ processes to manage such risks whilst leveraging the custom HTML for Banners? Would be great to hear your thoughts.

Regards
Raj

data transformation

SDKs and APIs

Google Tag Manager

Forum Discussion

Custom HTML for Banners

Related Content

HTML Preference Center

Action Path based on custom attribute

Nested custom attributes in Custom HTML messages

Latency when refreshing Banner

Figma to Braze HTML templates

Recent Discussions

Custom HTML for Banners

Challenges with Fetching Spam-Blocked Users from Braze

First_did_event

Query Builder, Fetch records from USERS_CANVAS_ENTRY_SHARED view using Canvas Name

Loyalty programme recommendations