
VirtoCommerce/vc-module-profile-experience-api


Virto Commerce Profile Experience API (xProfile) Module

The xProfile module provides high-performance search queries for customer and organization data.

Key features

Through xProfile, you can perform Create, Read, Update, and Delete (CRUD) operations with users, organizations, and contacts.

How It Works

Like other xAPI modules, the xProfile module resides on the back end of a website or application and is managed with queries. It enables efficient creation, updating, and deletion of various entity profiles.

Documentation

Configuration

Input Validation

The module includes server-side input validation to prevent stored XSS attacks. Validation is configurable via appsettings.json under FrontendSecurity:InputValidation:

{
  "FrontendSecurity": {
    "InputValidation": {
      "NameValidationPattern": "^[\\p{L}\\p{M}\\s'\\-\\.]+$",
      "OrganizationNameValidationPattern": "^[\\p{L}\\p{M}\\p{N}\\s'\\-\\.&#/,()]+$",
      "EnableNoHtmlTagsValidation": true,
      "EnableScriptInjectionValidation": true
    }
  }
}

| Setting | Default | Description |
| --- | --- | --- |
| NameValidationPattern | `^[\p{L}\p{M}\s'\-\.]+$` | Allow-list regex for person name fields (firstName, lastName, fullName). Permits Unicode letters, diacritics, spaces, apostrophes, hyphens, and dots. Set to empty string to disable. |
| OrganizationNameValidationPattern | `^[\p{L}\p{M}\p{N}\s'\-\.&#/,()]+$` | Allow-list regex for organization name fields. Additionally permits numbers, `&`, `#`, `/`, `,`, `(`, `)` for names like "3M", "AT&T", "H&M". Set to empty string to disable. |
| EnableNoHtmlTagsValidation | `true` | Rejects HTML tags (`<...>`) in non-name fields (username, phone, address lines, city). Set to false to disable. |
| EnableScriptInjectionValidation | `true` | Rejects script injection patterns (`<script>`, `javascript:`, `vbscript:`, `data:text/html`) in free-text fields (description). Set to false to disable. |

MaxLength constraints are always enforced regardless of configuration.
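
To see what the two default allow-list patterns accept and reject before changing them, the following added example (not code from the module) runs them over constructed sample inputs with .NET's regex engine. The `InputValidationDemo` class and `IsAllowed` helper are hypothetical names, and treating an empty pattern as "disabled" follows the settings description above rather than the module's actual implementation.

```csharp
using System;
using System.Text.RegularExpressions;

static class InputValidationDemo
{
    // Default patterns copied from the appsettings.json fragment above.
    const string NamePattern = @"^[\p{L}\p{M}\s'\-\.]+$";
    const string OrgPattern = @"^[\p{L}\p{M}\p{N}\s'\-\.&#/,()]+$";

    // Hypothetical helper. Assumption: an empty pattern disables the check,
    // as the settings description says; the module's own code is not shown here.
    static bool IsAllowed(string value, string pattern)
    {
        if (string.IsNullOrEmpty(pattern))
        {
            return true;
        }
        // The match timeout bounds evaluation time if a custom pattern backtracks badly.
        return Regex.IsMatch(value, pattern, RegexOptions.CultureInvariant,
            TimeSpan.FromMilliseconds(100));
    }

    static void Main()
    {
        // Constructed sample inputs, not taken from the module's test suite.
        string[] samples =
        {
            "Anne-Marie O'Neil",          // hyphen, space, apostrophe
            "José Álvarez",               // letters with diacritics
            "AT&T",                       // '&' is only in the organization class
            "3M",                         // digits (\p{N}) are only in the organization class
            "<script>alert(1)</script>",  // '<' and '>' are in neither class
            "javascript:alert(1)",        // ':' is in neither class
            "Smith\n",                    // \s covers tab and newline, not just space
        };

        Console.WriteLine("{0,-28} {1,-6} {2,-6}", "input", "name", "org");
        foreach (var s in samples)
        {
            Console.WriteLine("{0,-28} {1,-6} {2,-6}",
                s.Replace("\n", "\\n"),
                IsAllowed(s, NamePattern),
                IsAllowed(s, OrgPattern));
        }
    }
}
```

Because `\s` is part of both character classes, tabs and newlines pass the name patterns. Replace `\s` with a literal space in a custom pattern if names must stay on a single line.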

References

License

Copyright (c) Virto Solutions LTD. All rights reserved.

This software is licensed under the Virto Commerce Open Software License (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://virtocommerce.com/opensourcelicense.

Unless required by the applicable law or agreed to in written form, the software distributed under the License is provided on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
