Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
I
I
Isaac Clark2015-11-02 21:36:13
JavaScript
Isaac Clark, 2015-11-02 21:36:13

How to create an HTML editor in JavaScript?

Hello. A question.
If you create your own online html editor, then if the user writes something like this in it:
<h1>Hello, World!</h1>
Then you need to markup, that is, show the text as h1.
but the problem is that if the user writes the following:
<script>alert('xss')</script>
Then this code will naturally execute, which is not good.
As an option: this is replace to look for the script tag and replace its brackets with entities or escape them.
But is this option correct? perhaps there are options or your suggestions are much better than this?
Thanks for your help and your time.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
A
Adamos, 2015-11-02
@Adamos

And if the user writes the same command in the console and it is executed in his browser? Horror-horror!

Report
K
keslo, 2015-11-02
@keslo

<script>alert('xss')</script>
So this is what an xss attack on a site looks like! Thanks, now I know.

Similar questions
T
TaigaFox2022-01-08 20:57:27
Will the antivirus create a conflict? 4Reply
B
bio2015-03-31 04:08:43
How to make a soap xml parser? 2Reply
R
Ruslan Gayfutdinov2015-04-01 21:55:37
How and with what to track the work of employees? 4Reply
X
Xacker_Name2022-01-14 20:22:43
How to get all aiogram telegram chat users? 2Reply
T
The Dragger2015-04-03 11:25:21
Which image upload for Yii would you recommend? 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question