How to allow user input with ' ' safely?


0 votes
asked Mar 12, 2016 by Srr9860 (260 points)
For sake of XSS attack, my project has code below that strips unsafe characters:userInput.

4 Answers

0 votes
answered May 31, 2016 by This_Thanks (880 points)
 
Best answer
Another possibility for error like this is when there is a class name collision
Check out https://www.google.com/about/appsecurity/learning/xss/ for more info
commented May 31, 2016 by Jbeworks (270 points)
It removes only those lines that are followed by another empty line
commented Jun 1, 2016 by thorough (890 points)
One problem with this trick is that description attribute cannot be localized. Then set that value in the path
0 votes
answered Apr 1, 2016 by Fgnto (1,200 points)
I encountered this same problem in an app that had very minimal use of sessions. For more info on these builders check out http://www.howtocreate.co.uk/tutorials/javascript/security
0 votes
answered May 31, 2016 by Lannon (1,090 points)
You can find more information on How to enable JavaScript in your browser and why
commented May 31, 2016 by Znl_or (160 points) 1 flag
Hopefully this will be little helpful
commented Jun 1, 2016 by Createzack (210 points)
I have run into this problem in two scenarios
0 votes
answered May 31, 2016 by Fvm_2215 (330 points)
For the very beginner HTML5 & JavaScript Security - Security innovation is also a nice one
Click on button and all work well again

Related questions


What is Geekub?

Q&A site for professional and enthusiast programmers, software developers and other technical users. With your help, we hope to work together to build a library of detailed answers to just about any question that is related to programming!







...