I've looked through the questions and I haven't seen anyone ask this yet.
What is the for sure method to remove any sort of XSS attempts in some user-submitted content? I know that < and > should be converted to `&lt;` and `&gt;` respectively, but I've heard mention that encoding differences can get around this too.
There is no absolute security concerning XSS since people find new attack vectors every day. Sometimes XSS is even a browser bug you can't do anything about (except some workarounds).
To get an idea of the complexity, look at this (incomplete) XSS attack cheat sheet.
http://ha.ckers.org/xss.html
Guess you should make yourself an XSS expert or hire one to reach your goal.
You can start by inspecting the attack vectors from the link given above, trying to understand why they can work and making sure you prevent them.
Another great way of preventing XSS is to make sure you accept only stuff you expect instead of blocking stuff you know is bad. (i.e. whitelisting instead of blacklisting)
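The contrast between the two approaches discussed above, as an added example that is not part of the original question or answer: converting only `<` and `>` versus accepting only the expected shape and encoding for the output context. The "display name" field, its pattern, and the sample input are assumptions constructed for illustration.

```python
import html
import re
from html.parser import HTMLParser

# Assumed policy for a hypothetical "display name" field: letters, digits,
# space, underscore, hyphen; 1 to 32 characters. Anything else is rejected.
DISPLAY_NAME = re.compile(r"[A-Za-z0-9 _-]{1,32}")

# Constructed sample input: contains no < or >, only a double quote.
SAMPLE = 'x" data-injected="1'

def escape_angle_only(value):
    """The approach from the question: convert only < and >."""
    return value.replace("<", "&lt;").replace(">", "&gt;")

def escape_for_attribute(value):
    """Encode &, <, > and both quote characters for use in an attribute."""
    return html.escape(value, quote=True)

def accept_display_name(value):
    """Allowlist check: return the value if it has the expected shape, else None."""
    return value if DISPLAY_NAME.fullmatch(value) else None

def render_attribute(value, escaper):
    """Place an escaped value inside a double-quoted HTML attribute."""
    return '<input name="display" value="{}">'.format(escaper(value))

class _AttrCollector(HTMLParser):
    """Records the attribute names an HTML parser sees on start tags."""
    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        self.names.extend(name for name, _ in attrs)

def attribute_names(markup):
    parser = _AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.names

if __name__ == "__main__":
    # Angle-only escaping lets the quote end the attribute early,
    # so the parser sees an attribute the template never defined.
    print(attribute_names(render_attribute(SAMPLE, escape_angle_only)))
    print(attribute_names(render_attribute(SAMPLE, escape_for_attribute)))
    print(accept_display_name(SAMPLE), accept_display_name("Alice_01"))
```

The allowlist rejects the sample before it reaches any template, and the context-aware encoder keeps it inside the `value` attribute if it is rendered anyway.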