Top "Xss" questions

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users.

What is the difference between AntiXss.HtmlEncode and HttpUtility.HtmlEncode?

I just ran across a question with an answer suggesting the AntiXss library to avoid cross site scripting. Sounded interesting, …

asp.net xss html-encode antixsslibrary
Prevent XSS with strip_tags()?

I have a PHP web applications. I do NOT want to allow users to post HTML to my site. If …

php xss
var_dump or print_r and html encoding

<?php $x = array("<b>","<i>","b","i","<h1>hello</h1>"); print_…

php xss html-entities var-dump
ESAPI for XSS prevention not working

I am working on fixing Cross site scripting issues in our code mainly in JSPS. Below is the original code //…

java xss fortify cross-site esapi
Why use Microsoft AntiXSS library?

When you can simply encode the data using HttpUtility.HtmlEncode, why should we use AntiXss.HtmlEncode? Why is white list …

.net asp.net xss antixsslibrary
XSS prevention and .innerHTML

When I allow users to insert data as an argument to the JS innerHTML function like this: element.innerHTML = “User …

javascript encoding xss innerhtml
Escaping HTML in Rails

What is the recommended way to escape HTML to prevent XSS vulnerabilities in Rails apps? Should you allow the user …

ruby-on-rails xss
Generating AntiForgeryToken in WebForms

I have a .NET Webforms site thanks needs to post to my MVC Application which currently sits inside the Webform …

asp.net-mvc xss
Sanitizing user inputs with Spring MVC framework

I am working on web application using spring mvc framework, I wanted to know is there any best way to …

spring-mvc spring-security xss sql-injection
PHP_SELF and XSS

I've found an article claiming that $_SERVER['PHP_SELF'] is vulnerable to XSS. I'm not sure if I have understood …

php xss