Measures to prevent XSS vulnerability (like Twitter's one a few days before)

Even famous sites like Twitter are suffering from XSS vulnerability, what should we do to prevent this kind of attack?

How to prevent XSS vulnerability with Struts

We need to add anti-XSS support in our Struts application. Most specifically the architect requires that all user input must be "sanitized" before storing in DB. As I don't want to reinvent the...

How to prevent persistent XSS vulnerability with the Java Struts 1 Framework?

I have an application that executes under Tomcat 7, developed with Struts (Java Web Framework). My application contains a security vulnerability (XSS Cross-site scripting). What kind of XSS...

How can I prevent an XSS vulnerability when using Flex and ASP.NET to save a file?

I've implemented a PDF generation function in my flex app using alivePDF, and I'm wondering if the process I've used to get the file to the user creates an XSS vulnerability. This is the process...

How to prevent XSS vulnerability in wordpress site

When I directly write https://example.com/?trigger=*/</script><script>alert(1)</script> in url bar, it prompts the alert box. How to fix this in a wordpress site? I've tried some...

Prevent XSS attacks site-wide

I'm new to ColdFusion, so I'm not sure if there's an easy way to do this. I've been assigned to fix XSS vulnerabilities site-wide on this CF site. Unfortunately, there are tons of pages that are...

How to prevent Client DOM XSS vulnerability in javascript?

After checkmarx scan on my code,I am getting the below message. >Method execute at line 23 of ...\action\searchFun.js gets user input for the form element. > >This element’s value then flows...

How to prevent Client DOM XSS vulnerability <loadXML> in javascript?

Method function at line 200 of .../js/general.js gets user input for the data element. This element’s value then flows through client-side code without being properly sanitized or validated and is...

Gatsby XSS Prevention

I've read that React only prevents XSS in children and not props. Is this code an XSS vulnerability? import React from &quot;react&quot; import { graphql } from &quot;gatsby&quot;import Layout...

Prevent XSS attack in Paypal html form

I have some problem with XSS scan on sitelock. They said that some of URL from html input form is vulnerable. They said each parameters which I sent through the form was vulnerable. In this case...

HTML fields XSS vulnerability

So I've been trying to program a website with a user/password form from scratch. &lt;html&gt; &lt;head&gt; &lt;title&gt;Password Generator&lt;/title&gt; &lt;/head&gt; ...

How to prevent XSS vulnerability from being introduced when using .val()?

I store unsanitized user input in my database, then escape it on output. If I enter &quot;&gt;&lt;svg/onload=alert(3)&gt; into an input and save it in the database, then load a page that escapes...

Prevent XSS and SQL injection in chat

im new with php and website coding, but I would like to know how can I make an input field for a chat so that its not vulnerable for xss and sql but characters like ? and ! are usable. the coding...

Fix Checkmarx XSS Vulnerabilities

Checkmarx is giving XSS vulnerability for following method in my Controller class. Specifically: This element’s value (ResultsVO) then flows through the code without being properly sanitized or...

Is it possible to have an Android application (coded in JAVA) without WebView have XSS vulnerabilities (reflect or stored type)?

Is is possible to have an Android application coded in only JAVA have XSS vulnerabilities (reflect or stored type)? For Instance, can we call following lines of code written in Android/JAVA...

XSS vulnerability in Rails (merged params)

I recently discovered (thanks to a bug bounty user) that my site has XSS vulnerabilities. After some playing around, I discovered the cause is in our locale switch in the navbar, such as: &lt;%=...

Avoiding XSS vulnerabilities - whitelist?

What are the best practices to prevent XSS vulnerabilities? A lot of people on here have mentioned whitelists which sounds like a good idea, but I see many people define the whitelist using a...

Prevent XSS Reflection in JSF <f:param>

I am supporting a legacy application that uses JSF (and JSP). I am doing my best to prevent XSS by adding validators and escapes to the code as necessary. I'm new to JSF. Code Example (in...

XSS Vulnerabilities for HTML link tags

The security team ran a vulnerability check on my website, which is showing a lot of XSS vulnerabilities. All the vulnerabilities can be categorized in to the below three: Script include after...

UTF-8 characters that aren't XSS vulnerabilities

I'm looking at encoding strings to prevent XSS attacks. Right now we want to use a whitelist approach, where any characters outside of that whitelist will get encoded. Right now, we're taking...

How to encode value to put in iframe src attribute to prevent XSS in ASP.NET MVC

Using ASP.NET MVC, I have an url that takes a querystring param called path, which can be a url within my site. I found a XSS vulnerability and I cannot figure out how to encode the path value...

Is addslashes() safe to prevent XSS in a HTML attribute?

I'm having to work on an old web app that a previous developer left. It is using addslashes() to prevent XSS on a HTTML attribute. Here is an example: &lt;?php // all $_POST vars are put through...

XSS vulnerability for JSON API

I have a REST API that accepts and returns JSON data. A sample request response is a follows Request { &quot;repos&quot;: [ &quot;some-repo&quot;, ...

Avoiding XSS Vulnerability with single quotes, but allow users to use them in input?

This may be a more basic question, but I am accessing a JSON string from my controller, which accesses the database, on my JavaScript page. I do {!JSENCODE(jsonString)} to be wary of XSS...

XSS Prevention .NET Core 2.x and above

We have an asp.net core 2.1 web api wherein we have an endpoint to post vendors with sample payload below which gets stored in PostgreSQL DB. Currently, we have identified an XSS vulnerability if...

How can I prevent an XSS attack that places a <script> element in the query string?

> Possible Duplicate: > What are the best practices for avoid xss attacks in a PHP site <!-- End of automatically inserted text --> For...

Escaping HTML in Rails

What is the recommended way to escape HTML to prevent XSS vulnerabilities in Rails apps? Should you allow the user to put any text into the database but escape it when displaying it? Should you...

Is it possible to implement only XSS prevention in Spring security and leave everything else open?

I'm working on a project where the OAuth2 implementation has not yet been consolidated, but I have been requested to investigate XSS prevention on the platform. Since the security concern is a...

How to escape XSS from uploaded filename?

I want to fix xss vulnerability. Scenario - following: 1. I' ve created file with name &lt;imgsrc=x onerror=alert(document.cookie)&gt; 2.I have html input on my page and I try to load file created...

How to prevent XSS in a Classic ASP multipart form?

I have a multipart form written in Classic ASP that is based on the code below. I use stored procedures and parameters to write to the sql DB, I use Server.HTMLEncode before it is submitted also....

Relevant tags