Ask a Question

How to allow user input with ' ' safely?


0 votes
asked Mar 12, 2016 by Srr9860 (260 points)
For sake of XSS attack, my project has code below that strips unsafe characters:userInput.

4 Answers

0 votes
answered May 31, 2016 by This_Thanks (880 points)
 
Best answer
Another possibility for error like this is when there is a class name collision
Check out https://www.google.com/about/appsecurity/learning/xss/ for more info
commented May 31, 2016 by Jbeworks (270 points)
It removes only those lines that are followed by another empty line
commented Jun 1, 2016 by thorough (890 points)
One problem with this trick is that description attribute cannot be localized. Then set that value in the path
0 votes
answered Apr 1, 2016 by Fgnto (1,180 points)
I encountered this same problem in an app that had very minimal use of sessions. For more info on these builders check out http://www.howtocreate.co.uk/tutorials/javascript/security
0 votes
answered May 31, 2016 by Lannon (1,090 points)
You can find more information on How to enable JavaScript in your browser and why
commented May 31, 2016 by Znl_or (160 points) 1 flag
Hopefully this will be little helpful
commented Jun 1, 2016 by Createzack (210 points)
I have run into this problem in two scenarios
0 votes
answered May 31, 2016 by Fvm_2215 (330 points)
For the very beginner HTML5 & JavaScript Security - Security innovation is also a nice one
Click on button and all work well again

Related questions

0 votes
3 answers
From Xss, how to allow user input with ' ' safely?
asked Mar 12, 2016 by ersit (810 points)
0 votes
4 answers
How can I allow user controlled CSS without introducing XSS?
asked Feb 26, 2016 by hillebrano (1,130 points)
0 votes
3 answers
With Php, how to safely use user input in file path
asked Mar 15, 2016 by Perham (890 points)

Most popular tags

javascript php c android java jquery ios html angularjs python mysql css aspnet nodejs swift objective-c sql json ajax linux wordpress aspnemvc xcode vbnet ruby-on-rails sql-server xml django osx html5 r mongodb net apache wpf iphone cordova parsecom excel facebook twitter-bootstrap eclipse vba hadoop spring multithreading windows ruby database excel-vba postgresql unitesting google-chrome arrays codeigniter git scala laravel google-maps api symfony2 forms ubuntu aspnemvc-4 spring-mvc matlab jsp apache-spark winforms maven rest http oracle image amazon-web-services python-3x express python-27 visual-studio unity3d web-services opencv htaccess ssl android-studio uitableview facebook-graph-api magento d3js xaml selenium entity-framework visual-studio-2013 sqlite meteor css3 regex iis email gradle

What is Geekub?

Q&A site for professional and enthusiast programmers, software developers and other technical users. With your help, we hope to work together to build a library of detailed answers to just about any question that is related to programming!


ToughDev - We Love Technical Sharing





Snow Theme by Q2A Market
Powered by Question2Answer
...