cyberdantes
Reputation: 1422
<script type="text/javascript">alert('Xss done');</script>
How do you resolve this Xss from Stackoverflow?
Upvotes: 2
Views: 10848
Answers (2)
Brandon
Reputation: 70002
Jeff actually posted his Sanitizer on RefactorMyCode.com
You can see it here. It may not be the final version they're currently using, but it will show you the basics of how it works.
Upvotes: 0
alexn
Reputation: 58992
The output is html encoded.
All html entities are replaced with their escaped characters, for example "<" is replaced by <.
More info on wikipedia along with a list of html characters, http://en.wikipedia.org/wiki/Character_encodings_in_HTML
Upvotes: 3
Related Questions
- Execute JavaScript for XSS without script tags
- Javascript XSS Validation
- How to xss without '=' and '>'?
- XSS with javascript:alert()
- how to prevent XSS in javascript string
- How to prevent XSS in the following code?
- XSS javascript, exploit check
- XSS - is it only possible by using JavaScript?
- <script type="text/javascript">
- Javascript that prevents XSS