Tag: xss

998 What's the best method for sanitizing user input with PHP? 2008-09-24T20:20:39.650

206 How to prevent XSS with HTML/PHP? 2010-01-03T20:09:09.323

168 What is the http-header "X-XSS-Protection"? 2012-02-01T03:59:59.607

113 Do htmlspecialchars and mysql_real_escape_string keep my PHP code safe from injection? 2008-09-21T08:58:26.370

82 How do you set up use HttpOnly cookies in PHP 2008-08-31T14:27:50.337

78 How do you use window.postMessage across domains? 2010-08-11T10:29:04.210

71 How do you configure HttpOnly cookies in tomcat / java webapps? 2008-08-28T21:09:30.707

65 What are "top level JSON arrays" and why are they a security risk? 2010-08-17T13:48:30.423

64 What are the best practices for avoiding xss attacks in a PHP site 2008-09-16T11:20:02.680

61 XSS prevention in JSP/Servlet web application 2010-04-17T15:35:27.373

60 Will HTML Encoding prevent all kinds of XSS attacks? 2008-09-10T10:03:08.547

59 Preventing XSS in Node.js / server side javascript 2010-09-14T00:26:10.433

58 How to properly escape html form input default values in php? 2011-06-06T07:56:39.637

58 Is jQuery .text() method XSS safe? 2012-03-16T09:53:11.840

56 Sanitising user input using Python 2008-08-19T20:18:31.740

56 How to pass parameters to a Script tag? 2011-03-13T21:05:21.137

54 The ultimate clean/secure function 2010-11-19T10:09:48.667

53 WARNING: sanitizing unsafe style value url 2016-07-26T15:04:45.397

52 Today's XSS onmouseover exploit on twitter.com 2010-09-21T17:18:06.267

52 Is it safe to use $.support.cors = true; in jQuery? 2011-10-21T16:10:59.020

50 CSRF, XSS and SQL Injection attack prevention in JSF 2011-10-11T06:30:15.577

48 How do I prevent people from doing XSS in Spring MVC? 2010-01-27T15:10:56.210

47 When is it Best to Sanitize User Input? 2008-08-29T18:07:04.960

47 Is it really insecure to build HTML strings in Javascript? 2014-11-18T09:35:26.477

46 Can someone explain this SQL injection attack to me? 2011-12-05T01:53:55.713

45 Is strip_tags() vulnerable to scripting attacks? 2011-04-26T09:40:14.607

44 Best way to handle security and avoid XSS with user entered URLs 2008-10-15T18:46:52.310

43 IE8 XSS filter: what does it really do? 2010-01-12T19:12:58.410

42 What is the difference between AntiXss.HtmlEncode and HttpUtility.HtmlEncode? 2009-10-22T17:48:03.883

41 How exactly do you configure httpOnlyCookies in ASP.NET? 2008-08-28T22:14:16.650

41 Why the cross-domain Ajax is a security concern? 2009-01-21T20:01:16.510

41 Cross Site Scripting in CSS Stylesheets 2010-08-31T09:52:38.010

38 Chrome: ERR_BLOCKED_BY_XSS_AUDITOR details 2017-04-06T08:39:57.200

37 Which browsers do support HttpOnly cookies? 2009-02-09T14:45:38.730

37 XSS filtering function in PHP 2009-08-26T18:53:30.767

37 HTML: Should I encode greater than or not? ( > &gt; ) 2012-01-25T21:37:54.453

35 Is it possible to XSS exploit JSON responses with proper JavaScript string escaping 2010-06-30T03:44:17.613

35 What does it mean when they say React is XSS protected? 2015-11-11T04:56:05.513

33 A simple example of a Cross-site scripting attack 2012-03-06T12:45:04.107

32 How does XSS work? 2008-10-27T06:12:26.720

32 Java Best Practices to Prevent Cross Site Scripting 2009-07-21T14:58:15.707

29 Sanitizing user input before adding it to the DOM in Javascript 2010-05-08T12:59:11.653

28 Access to restricted URI denied code: 1012 2008-09-09T06:12:10.450

28 HTML encode user input when storing or when displaying 2008-10-21T20:58:58.593

28 htmlspecialchars vs htmlentities when concerned with XSS 2010-09-02T01:30:20.307

28 PHP_SELF and XSS 2011-05-21T06:21:59.607

28 What is Cross Site Script Inclusion (XSSI)? 2011-11-06T16:36:21.687

28 Why this error in dev console of chrome when using x-xss-protection? 2016-03-31T09:44:59.203

27 how to set Http header X-XSS-Protection 2011-01-08T18:20:35.217

26 Preventing HTML character entities in locale files from getting munged by Rails3 xss protection 2010-08-13T13:58:27.770

26 CodeIgniter - why use xss_clean 2011-03-17T09:26:23.123

26 Guide to proper escaping in Play framework 2011-04-23T14:17:02.220

25 What makes JSFiddle secure from XSS based attacks? 2011-07-18T11:54:46.353

25 Backbone.js and XSS/HTML escaping 2012-09-25T16:09:04.377

24 Escaping HTML in Rails 2009-03-30T19:36:51.830

24 Codeigniter - Disable XSS filtering on a post basis 2010-09-24T15:17:39.520

24 Best practice for allowing Markdown in Python, while preventing XSS attacks? 2011-03-10T21:29:03.323

24 How to temporarily disable XSS protection in modern browsers for testing? 2012-10-17T04:12:17.543

23 Cross-site AJAX requests 2008-12-02T10:11:49.193

23 How Does Google Global Login Work? 2009-08-05T03:09:11.537

23 Cross-Origin Resource Sharing (CORS) - am I missing something here? 2010-03-28T13:29:02.507

22 XSS attack to bypass htmlspecialchars() function in value attribute 2010-05-24T02:35:57.573

22 Examples of XSS that I can use to test my page input? 2011-08-29T15:42:32.570

22 What is the correct way to detect whether string inputs contain HTML or not? 2011-12-07T16:42:49.470

22 html/XSS escape on input vs output 2012-06-28T22:00:01.783

21 Best regex to catch XSS (Cross-site Scripting) attack (in Java)? 2008-08-24T00:21:10.413

21 How to sanitize HTML code in Java to prevent XSS attacks? 2010-08-05T09:17:10.357

21 XSS attacks and style attributes 2010-12-28T13:59:59.810

21 XSS - Which HTML Tags and Attributes can trigger Javascript Events? 2011-08-07T21:54:49.023

21 Is jQuery's $.get() safe to call on an untrusted URL? 2015-03-14T00:48:19.950

20 Best Practice: Legitimate Cross-Site Scripting 2008-09-09T19:09:56.603

20 Can session storage be safe? 2011-04-20T09:00:20.583

20 php - is FILTER_SANITIZE_EMAIL pointless? 2011-09-03T01:52:44.190

19 Catching SQL Injection and other Malicious Web Requests 2008-08-04T14:40:58.050

19 How do you avoid XSS vulnerabilities in ASP.Net (MVC)? 2010-07-08T19:15:19.020

19 Is there a definitive anti-XSS library for PHP? 2010-10-20T02:03:20.953

19 Why is Cloudfront loading scripts in my web app? (I don't use it) 2012-02-08T16:58:18.633

19 How to access plain text content retrieved via <script type="text/plain" src=...> in JavaScript? 2012-10-06T14:53:48.103

19 angularjs + cross-site scripting preventing 2014-04-11T08:51:38.253

18 XSS Torture Test - does it exist? 2008-11-01T16:10:20.110

18 Generating AntiForgeryToken in WebForms 2009-08-24T10:09:16.920

18 Do I need to sanitize the callback parameter from a JSONP call? 2010-05-05T21:46:08.323

18 PHP Form Security With Referer 2010-05-15T19:12:37.427

18 NS_ERROR_FAILURE : Failure in Firefox 2013-03-15T21:02:34.867

18 Can an HTML <script> fragment on the URL be used for XSS in a purely client side application? 2017-04-16T10:15:14.010

17 Strict HTML Validation and Filtering in PHP 2008-10-13T21:00:04.523

17 Do you have any SQL Injection Testing "Ammo"? 2008-11-08T12:09:33.697

17 Is it necessary to "escape" character "<" and ">" for javascript string? 2009-04-23T01:27:41.853

17 What is the general concept behind XSS? 2010-02-09T22:34:48.020

17 Android App using Webview/javascript. what can be security concern? 2013-04-01T01:56:18.090

17 how does ASP.NET validate anti-forgery token 2014-10-29T00:01:53.947

16 What makes a good test string for testing web forms for unicode compatibility? 2009-08-27T19:13:15.370

16 Why use Microsoft AntiXSS library? 2010-01-07T17:37:20.483

16 The 2011 approach to XSS in PHP? 2011-02-21T20:49:51.127

16 Is this horrifying XSS vector still an issue in Internet Explorer? 2011-05-08T15:47:29.717

16 Sanitizing user inputs with Spring MVC framework 2013-03-27T07:07:57.893

16 What is cross site scripting 2013-04-02T02:57:54.697

15 Is it possible for a XSS attack to obtain HttpOnly cookies? 2008-10-23T01:07:37.250

15 Best way to defend against mysql injection and cross site scripting 2009-02-20T10:11:36.497