XSS
IvanIF, 2020-11-09 22:05:23

How to prevent XSS attacks through this HTML code?

I have a form on my site where users can enter the HTML code of a Google map.
Here is some example code:

<iframe src="https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d2194.348202713491!2d43.4474173159526!3d56.63387898079813!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x0%3A0x0!2zNTbCsDM4JzAyLjAiTiA0M8KwMjYnNTguNiJF!5e0!3m2!1sru!2sru!4v1604948399683!5m2!1sru!2sru" width="600" height="450" frameborder="0" style="border:0;" allowfullscreen="" aria-hidden="false" tabindex="0"></iframe>

How to prevent XSS attacks through this HTML code? Fully check it regularly? And if Google suddenly decides to change the code of such maps, then change the regular expression as well?


1 answer(s)
IvanIF, 2020-11-09
@IvanIF

I seem to have come up with a solution. I will extract the value of the src (link) attribute from the code entered by the user, run it through htmlspecialchars and independently wrap it in everything else.
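
The approach from the answer above, written out in PHP as an added example (not code from the original post): parse the submitted markup, keep only the src, and emit a server-built iframe. The helper name buildMapEmbed and the check that the URL is https://www.google.com/maps/embed are assumptions drawn from the sample in the question; the check is there because htmlspecialchars by itself escapes quotes and angle brackets but does not reject a javascript: URL or a foreign host.

```php
<?php
declare(strict_types=1);

// Added example. buildMapEmbed() is a hypothetical helper; the allow-list
// (https, www.google.com, /maps/embed) is an assumption from the sample iframe.
function buildMapEmbed(string $userHtml): ?string
{
    if (trim($userHtml) === '') {
        return null;
    }
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // malformed markup is expected
    $loaded = $doc->loadHTML($userHtml, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $iframe = $loaded ? $doc->getElementsByTagName('iframe')->item(0) : null;
    if (!$iframe instanceof DOMElement) {
        return null;
    }

    // getAttribute() returns the entity-decoded value (&amp; becomes &).
    $parts = parse_url(trim($iframe->getAttribute('src')));
    if (!is_array($parts)
        || strtolower($parts['scheme'] ?? '') !== 'https'
        || strtolower($parts['host'] ?? '') !== 'www.google.com'
        || isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])
        || ($parts['path'] ?? '') !== '/maps/embed'
    ) {
        return null;   // not a Google Maps embed URL: store and render nothing
    }

    // Rebuild the URL from a fixed prefix plus the query only, so nothing the
    // user typed outside the query string reaches the page, then escape it.
    $url = 'https://www.google.com/maps/embed?' . ($parts['query'] ?? '');
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<iframe src="' . $safe . '" width="600" height="450"'
         . ' style="border:0;" allowfullscreen></iframe>';
}

// Constructed inputs: a valid embed, a script URL, a foreign host with a handler.
foreach ([
    '<iframe src="https://www.google.com/maps/embed?pb=!1m18!2d43.44&amp;x=1"></iframe>',
    '<iframe src="javascript:alert(1)"></iframe>',
    '<iframe src="https://example.com/maps/embed?pb=1" onload="x()"></iframe>',
] as $html) {
    var_dump(buildMapEmbed($html));
}
```

Only the first input yields an iframe; the other two return NULL, and every attribute other than src is dropped because the tag is rebuilt on the server.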
