Wednesday, May 30, 2018

How to reduce the risk of XSS while allowing HTML tags

1. Allow a limited set of HTML tags:


Refer to the way that Drupal does -

2. Remove all script event handlers (onload/onerror/on[a-z]{1,10}=) and src-based payloads (src=javascript:alert()) when storing product information.



