XSS
sorry_i_noob, 2018-08-07 03:03:00

If the user can change the encoding in the meta tag and thus bypass XSS protection, why is it usually indicated with the tag?

Hello! I'm reading an article on Habr - "Best practices and recommendations for protecting PHP applications from XSS attacks".
The third rule from this article reads as follows:

Specify the encoding on each web page.

And it shows an example where the encoding is specified through the header.
And I have a question. If the encoding plays a role in protecting against XSS, and if it needs to be specified via header, why is it listed in the meta tag? On Habr itself, in head, the first meta tag is an indication of the encoding:
<meta http-equiv="content-type" content="text/html; charset=utf-8">


1 answer(s)
Alexander, 2018-08-07
@zkelo

It does not have to be specified via header(). It simply must be indicated on every page. Which way is not important.
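
A check for the rule discussed above, added here as an example (not code from the Habr article or from either poster): it reports where a response declares its charset, in the Content-Type header, in a meta tag, both, or nowhere. The function names, status strings and sample inputs are assumptions made for this example.

```python
import re

PRESCAN_BYTES = 1024  # HTML requires a meta charset within the first 1024 bytes

HEADER_RE = re.compile(r'charset\s*=\s*"?([^\s;"]+)', re.IGNORECASE)
META_RE = re.compile(rb'<meta[^>]+charset\s*=\s*["\']?\s*([A-Za-z0-9_.:-]+)',
                     re.IGNORECASE)

def header_charset(content_type):
    """Charset parameter of a Content-Type header value, lowercased, or None."""
    m = HEADER_RE.search(content_type or "")
    return m.group(1).lower() if m else None

def meta_charset(html_bytes):
    """Charset named by the first <meta> declaration in html_bytes, or None."""
    m = META_RE.search(html_bytes)
    return m.group(1).decode("ascii").lower() if m else None

def audit_charset(content_type, body):
    """Return (status, declared_charset) for one response (hypothetical helper)."""
    hdr = header_charset(content_type)
    meta = meta_charset(body[:PRESCAN_BYTES])
    if hdr and meta:
        # The HTTP header outranks the meta tag, so a disagreement means the
        # page is decoded with a charset its own markup does not claim.
        return ("consistent" if hdr == meta else "mismatch", hdr)
    if hdr:
        return ("header-only", hdr)
    if meta:
        return ("meta-only", meta)
    late = meta_charset(body)  # declared, but past the first 1024 bytes
    if late:
        return ("meta-too-late", late)
    return ("undeclared", None)

# Constructed sample: a page carrying the meta tag quoted in the question.
SAMPLE = (b'<html><head><meta http-equiv="content-type" '
          b'content="text/html; charset=utf-8"></head><body></body></html>')

if __name__ == "__main__":
    for ct in ("text/html; charset=utf-8", "text/html",
               "text/html; charset=windows-1251"):
        print(ct, "->", audit_charset(ct, SAMPLE))
    print("late meta ->", audit_charset("text/html", b" " * 2000 + SAMPLE))
    print("nothing ->", audit_charset(None, b"<html><body>hi</body></html>"))
```
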
