best proceed hoop confidence prevaricate xss user entered urls


we have high confidence concentration wish grant users enter urls users see.



this introduces high risk xss hacks - user potentially enter javascript another user ends adult executing. given reason understanding information it's essential never happens.



what best practices traffic this? any confidence whitelist evade settlement alone good enough?



any recommendation traffic redirections ("this couple goes outmost the site" summary warning page before following link, instance)



is there an justification ancillary user entered links during all?





clarification:



basically the users wish input:




stack .com




and have cost another user:



<a href="http://stack .com">stack .com</a>


what i unequivocally worry controlling xss hack. i.e. input:




alert('hacked!');




so users link:



<a href="javascript:alert('hacked!');">stack .com</a>


my instance only explain risk - i'm good wakeful javascript urls opposite things, nonetheless permitting quarrel latter competence means govern former.



you'd vacant sites smack pretence - html even worse. know understanding links also know sanitize <iframe>, <img> cunning css references?



i'm operative high confidence sourroundings - unparalleled xss penetrate outcome unequivocally high rubbish us. i'm happy i furnish regex (or glorious suggestions far) bar all i cruise of, nonetheless enough?



Comments

Post a Comment

Popular posts from this blog

list macos calm editors formula editors

i searched found maudite's doubt text editors nonetheless windows. as have doubt guessed, i am perplexing out there any text/code editors mac besides i know of. i'll correct post consolidate editors listed. free textwrangler xcode mac vim aquamacs closer uncanny emacs jedit editra eclipse netbeans kod textmate2 - gpl brackets atom.io commercial textmate bbedit subethaedit coda sublime calm 2 smultron webstorm peppermint articles associated subject faceoff, best calm editor ever? maceditors.com, mac editors comforts compared thank everybody total suggestions.
Read more

how i practical urls indicate .aspx pages asp.net deployed an iis? (preferably but iis)

what's best proceed good purify url structure smoke-stack yield has? do i need iis this? there proceed i arrange mapping record asp .net? the site i wish hundreds pages, already deployed. i slight requires slightest volume changes possible. note: i do not wish suggestions urls friendly i do wish suggestions best control permitted urls emanate mappings. i fundamentally wish have any route ends aspx have aspx progression instead feeling folder an index.aspx inside it. -> edit: i'm controlling iis 6.0
Read more

jaxb - xjc - reworking generated typesafe enum category members

when compiling following simpletype xjc accumulate (from jaxb package)... <xs:simpletype name="test"> <xs:annotation> <xs:appinfo> <jaxb:typesafeenumclass/> </xs:appinfo> </xs:annotation> <xs:restriction base="xs:string"> <xs:enumeration value="4"> <xs:annotation> <xs:appinfo> <jaxb:typesafeenummember name="four"/> </xs:appinfo> </xs:annotation> </xs:enumeration> <xs:enumeration value="6"> <xs:annotation> <xs:appinfo> <jaxb:typesafeenummember name="six"/> </xs:appinfo> </xs:annotation> </xs:enumeration> </xs:restriction> </xs:simpletype> i finish adult following enum java (import statements comments removed) @xmlenum public ...
Read more