Why Can't We Have Some Antixss Literal Html Tag
Nowadays I am learning about web security, XSS, etc. As XSS basically targets a client-agent (web browser) by injecting some malicious code that is executed by the web browser as i
Solution 1:
Suppose the contents of the text supplied by the attacker was:
</ltrl><script type="text/javascript">alert('You have been xssed');</script><ltrl>
the total markup would be
<ltrl></ltrl><script type="text/javascript">alert('You have been xssed');</script><ltrl>
and your defence has been trivially breached.
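The breakout described in this answer, and the output-encoding alternative, as an added example that is not part of the original post. `<ltrl>` is the hypothetical tag from the question, `splitAtLiteralEnd` is an assumed, simplified model of how a parser would have to treat it, and `escapeHtml` is a minimal encoder written for this illustration.

```javascript
// <ltrl> is the hypothetical "literal" tag from the question, not a real HTML element.
const OPEN = '<ltrl>';
const CLOSE = '</ltrl>';

// Naive template: drop untrusted text between the literal delimiters.
function wrapLiteral(untrusted) {
  return OPEN + untrusted + CLOSE;
}

// Assumed parser model: everything up to the FIRST closing delimiter is
// literal text; everything after it is parsed as ordinary markup again.
function splitAtLiteralEnd(markup) {
  if (!markup.startsWith(OPEN)) throw new Error('markup must start with ' + OPEN);
  const end = markup.indexOf(CLOSE, OPEN.length);
  if (end === -1) return { literal: markup.slice(OPEN.length), parsedAsMarkup: '' };
  return {
    literal: markup.slice(OPEN.length, end),
    parsedAsMarkup: markup.slice(end + CLOSE.length),
  };
}

// Output encoding: rewrite the characters that can form markup, so the
// untrusted text can never contain the closing delimiter or any other tag.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// The supplied text from the answer above.
const supplied =
  "</ltrl><script type=\"text/javascript\">alert('You have been xssed');</script><ltrl>";

const naive = splitAtLiteralEnd(wrapLiteral(supplied));
const encoded = splitAtLiteralEnd(wrapLiteral(escapeHtml(supplied)));

console.log('naive, literal region    :', JSON.stringify(naive.literal));
console.log('naive, parsed as markup  :', naive.parsedAsMarkup);
console.log('encoded, parsed as markup:', JSON.stringify(encoded.parsedAsMarkup));
```

With the naive wrapper the literal region is empty and the script element lands in the normally parsed part of the page; after encoding, the whole input stays inside the literal region as inert text.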