Last post Mar 29, 2017 02:58 PM by bbcompent1
Mar 27, 2017 07:00 PM|2xo1
The client is supposed to post script code to the server: advertisement content, including
HTML, JS, CSS, Flash, and so on.
How to protect from vulnerability?
Is there a DLL that scans for vulnerabilities?
And how to store that data?
What encoding to use?
(At the moment I am having a first look at Google Caja.)
Mar 29, 2017 02:58 PM|bbcompent1
What you can do to remedy this problem is to use parameterized queries, which will automatically encode anything inserted into the database. Once encoded, cross-site scripting is no longer possible because it will display correctly but be disarmed.
Essentially, with parameterizing:
this: <script>Hi there!</script> (executable)
becomes this after parameterization:
&lt;script&gt;Hi there!&lt;/script&gt; (non-executable)
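Added example, not part of either post: a Python sketch using the standard `sqlite3` and `html` modules that stores the thread's sample string through a parameterized query and then HTML-encodes it when rendering, so each step's effect on the string can be seen separately. The `ads` table, the function names and the `<div class="ad">` wrapper are assumptions made for the illustration.

```python
import html
import sqlite3

# Constructed sample submission, taken from the string used in the thread.
AD_MARKUP = "<script>Hi there!</script>"


def open_store():
    """Create an in-memory database with a hypothetical 'ads' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ads (id INTEGER PRIMARY KEY, markup TEXT NOT NULL)")
    return conn


def store_ad(conn, markup):
    """Insert with a bound parameter: the value is passed as data and is
    never spliced into the SQL text, and it is stored unchanged."""
    cur = conn.execute("INSERT INTO ads (markup) VALUES (?)", (markup,))
    conn.commit()
    return cur.lastrowid


def load_ad(conn, ad_id):
    """Read the stored value back, again through a bound parameter."""
    row = conn.execute("SELECT markup FROM ads WHERE id = ?", (ad_id,)).fetchone()
    return row[0] if row else None


def render_ad(markup):
    """HTML-encode at output time so the browser shows the markup as text
    instead of parsing it as elements."""
    return '<div class="ad">' + html.escape(markup, quote=True) + "</div>"


def demo():
    conn = open_store()
    ad_id = store_ad(conn, AD_MARKUP)
    stored = load_ad(conn, ad_id)
    return stored, render_ad(stored)


if __name__ == "__main__":
    stored, rendered = demo()
    print("stored  :", stored)
    print("rendered:", rendered)
```

Encoding on output displays the submission as text; an advertisement that has to render as live HTML needs an allow-list sanitizer instead, which this example does not cover.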