xss
What is a function that will allow output with HTML and avoid XSS attacks
I am looking for a way or function that will allow me to display data from my MySQL database. The users are allowed to post articles, that I use mysql_real_escape_string to avoid SQL in[Details]
2023-03-30 21:46 Category: Q&A

Is using a URL to call AJAX from a hidden field XSS safe?
Is it XSS safe to do something like this in jQuery? <html> ... <input type="text" id="message" value="" />[Details]
2023-03-30 19:31 Category: Q&A

Redirect outside the current domain using javascript
I want to redirect to another website outside of my domain, such as this: <img src="http://url.to.file.which/not.exist" onerror=window.open("www.google.com","xss",'height[Details]
2023-03-30 14:30 Category: Q&A

Is including an external CSS file safe, or could it lead to code injection?
I'm working on a site that customers will use by embedding it in an iframe in their site. I want to give them the ability to customize the styling of the contents so they can make it fi[Details]
2023-03-30 12:33 Category: Q&A

Todo list methods to prevent xss attack, which are the most efficient?
I would love to know which best methods/tips do we have to use to prevent and make difficult an XSS attack?[Details]
2023-03-30 04:23 Category: Q&A

Help Implement Tags in PHP
In my recent PHP project, I need to implement Tags (searchable) separated by comma (similar to this site or something like in WordPress). What is the smart way to detect and remove unnecessary charact[Details]
2023-03-30 00:58 Category: Q&A

Security aspects of second-level domains like .co.uk
What are the security aspects of second-level domains like .co.uk? Especially, when it comes to cross-site scripting and cookies stealing.[Details]
2023-03-29 18:02 Category: Q&A

Script exploits in ASP.NET - Is setting validateRequest="true" good advice?
I was reading about ASP.NET Script Exploits, and one of the suggestions is: (emphasis is mine; and the suggestion is #3 in section "Guarding Against Scripting Exploits[Details]
2023-03-29 08:24 Category: Q&A

How to make cross domain XHR request
How to make working XHR cross domain request - I've tried 'Script Tag Hack' but it doesn't work or I'm doing something wrong. Any suggestions?[Details]
2023-03-28 05:37 Category: Q&A

Circumventing TinyMCE's input validation with custom POST headers
AFAIK, TinyMCE is supposed to be self-sufficient XSS-wise, as its editor prevents anything that could be used for XSS.[Details]
2023-03-28 05:10 Category: Q&A