[–] pornel 15y ago ↗ Almost all of them can be prevented by escaping < and ". [–] mhansen 15y ago ↗ don't forget ' & > [–] IgorPartola 15y ago ↗ But not all of these can: http://ha.ckers.org/xss.html. This is an older, but much more complete list.
[–] IgorPartola 15y ago ↗ But not all of these can: http://ha.ckers.org/xss.html. This is an older, but much more complete list.
[–] devinj 15y ago ↗ What is this, a cheatsheet for creating an HTML5 blacklist? Why would you ever do such a thing? [–] abyssknight 15y ago ↗ Or perhaps a [:white, :grey, :black].sort_by{rand}.first hat attack vector list? Penetration testers love this stuff, as do I. At my job, I educate developers by documenting things like this. It helps them be aware of what crazy stuff is out there.
[–] abyssknight 15y ago ↗ Or perhaps a [:white, :grey, :black].sort_by{rand}.first hat attack vector list? Penetration testers love this stuff, as do I. At my job, I educate developers by documenting things like this. It helps them be aware of what crazy stuff is out there.
6 comments
[ 3.1 ms ] story [ 24.8 ms ] thread