Tagged Questions

6

votes

3answers

327 views

How safe is it to accept a pre-defined set of non-harmful HTML tags from a request?

One of the first things I learned as a web developer was to never ever accept any HTML from the client. (Perhaps only if I HTML encode it.) I use a WYSIWYG editor (TinyMCE) that outputs HTML. So far I ...

asked Sep 18 '10 at 4:19

Venemo
6,20632147

1

vote

1answer

114 views

Why can't we have some AntiXss Literal html tag

Nowadays I am learning about web security, XSS, etc. As XSS basically targets a client-agent (web browser) by injecting some malicious code that is executed by the web browser as it was inserted by an ...

html xss web-security

asked Jan 1 '12 at 7:24

Nishant Kumar
10617

Technology			Life / Arts	Culture / Recreation	Science	Other
Stack Overflow Server Fault Super User Web Applications Ask Ubuntu Webmasters Game Development TeX - LaTeX	Programmers Unix & Linux Ask Different (Apple) WordPress Answers Geographic Information Systems Electrical Engineering Android Enthusiasts IT Security	Database Administrators Drupal Answers SharePoint User Experience Mathematica more (14)	Photography Science Fiction & Fantasy Seasoned Advice (cooking) Home Improvement more (13)	English Language & Usage Skeptics Mi Yodeya (Judaism) Travel Christianity Arqade (gaming) Bicycles Role-playing Games more (21)	Mathematics Cross Validated (stats) Theoretical Computer Science Physics more (7)	Stack Apps Meta Stack Overflow Area 51 Stack Overflow Careers

rev 2013.6.19.749

Stack Overflow works best with JavaScript enabled

Tagged Questions

How safe is it to accept a pre-defined set of non-harmful HTML tags from a request?

Why can't we have some AntiXss Literal html tag

Related Tags