xss
How to fix XSS vulnerabilities on javascript?
1) I get response with html tags, for instance: This is <b>Test</b> 2) sometimes response may contain script (or iframe, canvas and etc.) tags (XSS), for instance: This &l[Details]
2023-04-01 23:55 Category: Q&A

Is FILTER_SANITIZE_EMAIL pointless if already using FILTER_VALIDATE_EMAIL?
I am just creating a registration form, and I am looking only to insert valid and safe emails into the database.[Details]
2023-04-01 22:41 Category: Q&A

best way to secure simple wysiwyg with php
I have added a simple wysiwyg editor in my website. (it only allows B / I / U - no more) I currently store all content as html in my database - but it's simple to add <a onclick='...'> or oth[Details]
2023-04-01 17:33 Category: Q&A

Display Javascript "same origin policy" violations
I'm developing a mobile app which runs a simple HTTP server and a WebView. The WebView displays an external website which should access the server via javascript (GET). Unfortunately this doesn't wo[Details]
2023-04-01 16:07 Category: Q&A

Should htmlspecialchars() be used on information on input or just before output?
I take $_POST information and store it in a DB and later on query and print this information to the user. Should I use htmlspecialchars() before inserting this info or after I query it before I output[Details]
2023-04-01 13:49 Category: Q&A

Examples of XSS that I can use to test my page input?
I have had issues with XSS. Specifically I had an individual inject JS alert showing that my input had vulnerabilities. I have done research on XSS and found examples but for some reason I can't[Details]
2023-04-01 01:36 Category: Q&A

javascript unbind dom events
I'm working on a web framework and am trying to build XSS prevention into it. I have set it up so it will escape incoming data for storage in the database, but sometimes you want to save html that th[Details]
2023-03-31 08:07 Category: Q&A

Should I use both striptags() and htmlspecialchars() to prevent XSS?
Does this depend on if the input is going to be printed to the user? In my case I need to return the input back to the user (comments and bio).[Details]
2023-03-31 07:26 Category: Q&A

DOM and remove tag against xss attack way to optimize it?
A friend of mine posted a code about how to prevent xss attack using DOM. What do you think about this code?[Details]
2023-03-31 03:33 Category: Q&A

Output HTML safely using PHP
I used stackoverflow to find solution to my problems, so I didn't need to post a question so long. I search for a way to output HTML code but as many of you answered HTMLPurifier is the best solution[Details]
2023-03-31 01:22 Category: Q&A