Top "Xss" questions

Best regex to catch XSS (Cross-site Scripting) attack (in Java)?

Jeff actually posted about this in Sanitize HTML. But his example is in C# and I'm actually more interested in …

java html regex xss

Is it possible to XSS exploit JSON responses with proper JavaScript string escaping

JSON responses can be exploited by overriding Array constructors or if hostile values are not JavaScript string-escaped. Let's assume both …

javascript jquery security json xss

Is it safe to use $.support.cors = true; in jQuery?

I was trying to hit a web service on a different domain using jQuery's ajax method. After doing some research …

jquery xss security

Do htmlspecialchars and mysql_real_escape_string keep my PHP code safe from injection?

Earlier today a question was asked regarding input validation strategies in web apps. The top answer, at time of writing, …

php security xss sql-injection

The ultimate clean/secure function

I have a lot of user inputs from $_GET and $_POST... At the moment I always write mysql_real_escape_…

php security xss sql-injection

CodeIgniter - why use xss_clean

if I'm sanitizing my DB inserts, and also escaping the HTML I write with htmlentities($text, ENT_COMPAT, 'UTF-8') …

php html security codeigniter xss

HTML: Should I encode greater than or not? ( > > )

When encoding possibly unsafe data, is there a reason to encode >? It validates either way. The browser interprets the …

html encoding xss

how to set httponly and session cookie for java web application

I am working on an XSS (cross site scripting) issue. My application runs on an Oracle Weblogic portal. We use …

java security xss httponly

Preventing XSS in Node.js / server side javascript

Any idea how one would go about preventing XSS attacks on a node.js app? Any libs out there that …

xss node.js serverside-javascript

Examples of XSS that I can use to test my page input?

I have had issues with XSS. Specifically I had an individual inject JS alert showing that the my input had …

php javascript security xss