KSEF-BUS-192 SECURITY Warning KSeF Guard Only
Script injection pattern in invoice text fields
Wzorzec script injection w polach tekstowych faktury
Problem
An invoice text field contains script code patterns (e.g. JavaScript, HTML event handlers). This may indicate an XSS attack attempt or accidental paste of code.
How to Fix
Check item descriptions and other text fields — remove any JavaScript code and HTML event handlers. Invoice fields must contain plain text only.
Source Reference
KSeF Guard security heuristic (script injection prevention)
Source Quote
“Invoice text fields must not contain script injection patterns (script tags, javascript:, etc.).”
Description
SHA-256: 45f403e515ac…
Justification
FORMATLegal Basis Chain
1
KSeF Guard — XSS / script injection prevention
KSeF Guard — prewencja XSS / script injection
“[KSeF Guard heuristic] Invoice text fields in the FA(3) schema are of xsd:string type. Scripts and HTML event handlers are not explicitly prohibited by the VAT Act but represent a classical XSS attack vector against systems that display invoice content in a browser (web reports, dashboards, email previews). Guard detects potentially dangerous patterns before the document reaches presentation layers.”
KSeF Guard security heuristic (script injection prevention)