Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users.
When reading about SQL Injection and XSS I was wondering if you guys have a single string that could be …
testing xss sql-injection

I am having an issue using X-Frame-Options to embed one site as an iFrame into another (different domains) with IE 11 …
html internet-explorer iframe xss x-frame-options

We had a penetration test and one of the findings was: "Missing Content-Security-Policy HTTP response header" We did a bit …
apache xss content-security-policy penetration-testing

In Freemarker templates we can use the escape directive to automatically apply an escaping to all interpolations inside the included …
java xss escaping freemarker

I want to know if entiting the two marks < and > is enough to prevent XSS injections? And if …
xss code-injection

I used @Alex's approach here to remove script tags from an HTML document using the built-in DOMDocument. The problem …
php html-parsing xss domdocument script-tag

On this site (archived snapshot) under “The Theory of XSS”, it says: the hacker infects a legitimate web page with …
security xss

It feels like html_safe adds an abstraction to the String class that requires understanding of what is going on, …
ruby-on-rails ruby-on-rails-3 xss html-escape html-safe

I have the following meta tag set in my index.html which simplifies local development but will also be deployed …
html localhost xss content-security-policy

I'm trying to code a secure and lightweight white-list based HTML purifier which will use DOMDocument. In order to avoid …
php javascript html security xss