Cross-site scripting (XSS) is a widely known vulnerability most web sites have. This
page does not provide general information about cross-site scripting but focuses on what you
as an application developer using SAPUI5 can do to avoid these security issues.
The SAPUI5 framework provides a client-side API to manage a white list for URLs. This
whitelist can be used to validate arbitrary URLs if they are permitted or not.
frameOptions is used to prevent security vulnerabilities like
clickjacking. With the frameOptions configuration you define whether SAPUI5 is allowed to run
embedded in a frame or only from trusted origins or not at all.