A
A
askogorev2014-09-23 13:43:14
MySQL
askogorev, 2014-09-23 13:43:14

What threatens the execution of javascript on the site?

The user can write html+js code and run it as a separate page on the site through a special link.
What negative consequences from it can be?
Should this functionality be allowed?

Answer the question

In order to leave comments, you need to log in

3 answer(s)
R
romy4, 2016-09-26
@romy4

Why are you making the foreign key string?
The error means that the foreign key must still be the primary key.

S
SilentFl, 2014-09-23
@SilentFl

it's xss , and the consequences can be dire: stolen passwords, user identities, ddos ​​to other sites, etc.

S
Sergey Romanov, 2014-09-24
@Serhioromano

If you need it on the site, then you can. There are jsfiddle, jsbin, codepen, ... They all do it. You just need to run the script in the sandbox. There are technologies in which this can be organized. But as @SilentFl said there are always risks. Therefore, you must know exactly what you are doing, how to protect yourself. Here you need to trust professionals, and hard testing, it is better that hackers or xss specialists do it.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question