Top "Xss" questions

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users.

How to save HTML to database and retrieve it properly

Learning security these days :) I need to allow users to enter text in a form and allow them some HTML …

asp.net-mvc asp.net-mvc-4 razor xss
How does ASP.NET validate an anti-forgery token?

I wonder how does ASP.NET check if an anti-forgery token is valid or not? Like where is ASP.NET …

asp.net security xss antiforgerytoken
Do I need to sanitize the callback parameter from a JSONP call?

I would like to offer a webservice via JSONP and was wondering, if I need to sanitize the value from …

jsonp xss
What are the best practices for avoiding XSS attacks in a PHP site?

I have PHP configured so that magic quotes are on and register globals are off. I do my best to …

php security xss
How does Angular handle XSS or CSRF?

How does Angular (2) handle XSS and CSRF. Does it even handle these attacks? If so, what do I have to …

angular typescript xss csrf
How does XSS work?

Can someone explain how XSS works in plain English? Maybe with an example. Googling didn't help much.

xss
XSS Cross Site Scripting - Jsp <Input> tag

The following piece of code in my JSP caused a cross site scripting vulnerability on the input tag. <form …

xss cross-site
What is Cross Site Script Inclusion (XSSI)?

I've recently seen XSSI mentioned on multiple pages, e.g. Web Application Exploits and Defenses: Browsers prevent pages of one …

xss security
Which browsers do support HttpOnly cookies?

Which browsers do support HttpOnly cookies, and since which version? Please see http://www.codinghorror.com/blog/archives/001167.html for …

security browser cookies xss httponly
htmlspecialchars vs htmlentities when concerned with XSS

I have seen a lot of conflicting answers about this. Many people love to quote that php functions alone will …

php xss