XSS & Active Record
Benito
Well, the answer is yes and no. Some characters do get rendered in certain situations. Rule of thumb is to always treat user input as potentially dangerous and filter it for unwanted patterns and characters. Or you can change the logic around and only allow certain characters, like <br />, <span>, <p>. I would also encourage you to read the XSS patterns article on ha.ckers.org. It has some very clear points on the topic, from which I learnt a lot anno. Cheers
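As an added example (not code from this post or from CodeIgniter), here is the allow-list approach Benito describes, written in Python on the standard-library HTML parser: only the three listed tags survive, every attribute on them is dropped, any other tag or stray end tag is escaped to inert text rather than silently stripped, and allowed tags left open are closed so the output stays well-formed.

```python
from html import escape
from html.parser import HTMLParser

# Allow-list from the post: only these tags may reach the page.
ALLOWED_TAGS = {"br", "span", "p"}
VOID_TAGS = {"br"}  # tags that never take a closing tag


class AllowListSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []   # output fragments
        self.open = []  # stack of allowed tags we have emitted and not yet closed

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            # Attributes are discarded wholesale, so onmouseover=, style=,
            # href= and friends can never ride along on an allowed tag.
            if tag in VOID_TAGS:
                self.out.append(f"<{tag} />")
            else:
                self.out.append(f"<{tag}>")
                self.open.append(tag)
        else:
            # Unknown tag: re-emit its raw source text escaped, so <script>
            # or <img onerror=...> becomes visible text, not markup.
            self.out.append(escape(self.get_starttag_text()))

    def handle_startendtag(self, tag, attrs):
        # <br/> style: treat as a start tag only; no end tag is emitted.
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS and tag in self.open:
            # Close any tags opened after this one first to keep nesting valid.
            while self.open:
                t = self.open.pop()
                self.out.append(f"</{t}>")
                if t == tag:
                    break
        else:
            self.out.append(escape(f"</{tag}>"))

    def handle_data(self, data):
        # Text nodes (including decoded entities) are always re-escaped.
        self.out.append(escape(data))


def sanitize(fragment: str) -> str:
    """Return `fragment` with only <br>, <span>, <p> left as live markup."""
    p = AllowListSanitizer()
    p.feed(fragment)
    p.close()
    while p.open:  # close allowed tags the input left dangling
        p.out.append(f"</{p.open.pop()}>")
    return "".join(p.out)
```

Comments, doctype declarations and processing instructions are dropped by the parser's default handlers, which is the safe direction for user-supplied content.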