Top "Xss" questions

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users.

JavaScript XSS Prevention

There is a Node.js project that sanitizes data and there is an OWASP library for JavaScript that handles sanitization …

javascript security node.js xss sanitization
Anti XSS and Classic ASP

I'm currently trying to secure my classic ASP application from XSS. I came across the AntiXSS from Microsoft on the …

security asp-classic xss
Is strip_tags() vulnerable to scripting attacks?

Is there a known XSS or other attack that makes it past a $content = "some HTML code"; $content = strip_tags($…

php html security xss strip-tags
When used correctly, is htmlspecialchars sufficient for protection against all XSS?

If the following statements are true, All documents are served with the HTTP header Content-Type: text/html; charset=UTF-8. All …

php html security xss
Why is Cloudfront loading scripts in my web app? (I don't use it)

I manage a secured PHP/MySQL web app with extensive jQuery use. Today, a strange error popped up in our …

javascript security web-applications xss amazon-cloudfront
How to use an AJAX request in jsFiddle

I'm trying to create my first fiddle. So here's what I want to do with jQuery $('.list').live('click', …

jquery cross-domain xss jsfiddle
How do you avoid XSS vulnerabilities in ASP.Net (MVC)?

I recently noticed that I had a big hole in my application because I had done something like: <input …

asp.net asp.net-mvc xss
JavaScript sanitization: The safest way to insert a possible XSS HTML string

Currently I'm using this method with a jQuery solution to clean a string from possible XSS attacks. sanitize:function(str) { // return htmlentities(…

javascript xss html-sanitizing
Valid Email Addresses - XSS and SQL Injection

Since there are so many valid characters for email addresses, are there any valid email addresses that can in themselves …

php xss sql-injection email-validation
WARNING: sanitizing unsafe style value background-color

Using Angular, I am pulling data from Firebase. I want user's chat messages to be based on a color that …

angular typescript xss