Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
O
O
OneTwoThreeFourFive2021-12-23 11:24:25
XSS
OneTwoThreeFourFive, 2021-12-23 11:24:25

Do I need to clear the data that came from the websocket?

The data is taken from the database and cleaned up (script tags are removed, etc.). Then they are sent via wesocket to the client and displayed as html. Do I need to clean the data with js on the client before displaying? Can someone somehow replace this data on the way to the client by adding some kind of script? Then clearing the data on the client would remove the script.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
V
Vladimir Korotenko, 2021-12-23
@firedragon

Paranoids recommend cleaning all external data, even if it is your service and is located on the internal network.
This increases the cost, but gives additional guarantees.
However, businesses assess risks, and often create trusted zones for convenience.

Similar questions
E
Evgeny Antipov2018-04-20 12:31:09
Protection against DOM change via console? 1Reply
V
Vitaly Mironov2018-05-13 15:40:59
Protecting css from XSS? 1Reply
J
jedifa2021-09-01 16:03:57
Does React prevent xss attacks? 1Reply
I
iOS Dav2016-07-05 13:10:45
What is better, to save the user's post to the database by executing htmlentities() or not? 2Reply
A
Alexey Tipa2019-03-19 14:15:25
How do I know that my Wordpress site does not contain xss vulnerabilities? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question