Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number
 
PerlMonks  

Re: Re: Preventing Cross-site Scripting Attacks

by gellyfish (Monsignor)
on Feb 23, 2002 at 14:54 UTC ( #147067=note: print w/ replies, xml ) Need Help??


in reply to Re: Preventing Cross-site Scripting Attacks
in thread Preventing Cross-site Scripting Attacks

are there other mechanisms that have to be addressed

Of course you can have event attributes such as onClick in certain HTML tags which could have malicious script in. On the whole the best approach as merlyn points out is to only allow a safe subset of HTML rather than attempting to remove potentially bad things.

/J\


Comment on Re: Re: Preventing Cross-site Scripting Attacks
Download Code

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://147067]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (6)
As of 2014-07-29 00:58 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (211 votes), past polls