Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
dfv1232018-02-08 01:44:23
React
dfv123, 2018-02-08 01:44:23

Why is there an error with the action "ADD"?

Why can't I do action "ADD" ? Please help.
https://codesandbox.io/s/4xjyzp90k9

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

6 answer(s)
Report
A
Anton Spirin, 2018-02-08
@dfv123

https://codesandbox.io/s/jvxv5xkqy

Report
W
Weageoo, 2012-01-04
@Weageoo

Html sanitizer on js .

Report
V
Vitaly Zheltyakov, 2012-01-04
@VitaZheltyakov

If according to the "correct", then protection against XSS comes down to elementary verification of incoming data on the server. It is advisable to use a white list.

Report
A
AlexanderPHP, 2012-01-04
@AlexanderPHP

It is impossible to filter only on javascript, because firebug can be bypassed.
In general, on the PHP side there is a good way:

$find = array ('/data:/i', '/about:/i', '/vbscript:/i', '/onclick/i', '/onload/i', '/onunload/i', '/onabort/i', '/onerror/i', '/onblur/i', '/onchange/i', '/onfocus/i', '/onreset/i', '/onsubmit/i', '/ondblclick/i', '/onkeydown/i', '/onkeypress/i', '/onkeyup/i', '/onmousedown/i', '/onmouseup/i', '/onmouseover/i', '/onmouseout/i', '/onselect/i', '/javascript/i', '/javascript/i' );
$replace = array ("data:", "about:", "vbscript<b></b>:", "onclick", "onload", "onunload", "onabort", "onerror", "onblur", "onchange", "onfocus", "onreset", "onsubmit", "ondblclick", "onkeydown", "onkeypress", "onkeyup", "onmousedown", "onmouseup", "onmouseover", "onmouseout", "onselect", "javascript" );

$txt = preg_replace( $find, $replace, $txt );
$txt = preg_replace( "#<iframe#i", "<iframe", $txt );
$txt = preg_replace( "#<script#i", "<script", $txt );
$txt = str_replace( "<?", "<?", $txt );
$txt = str_replace( "?>", "?>", $txt );

Report
N
Nikita Permin, 2012-01-04
@NekitoSP

After reading the article from that site, you still seem to have not figured out how to act a little. My idea for filtering data on the server side is this:
1) first, we decode all the data, replacing all such things

with normal characters, which we will work with further
3) further, when finding tag boundaries, be it ... we remove all non-printable (?) characters (including line breaks) in the tag parameters as well as between the opening and closing ones. The problem will be only with \0, but if you work with data as an array of characters, and not as a string, then you will probably be able to bypass them.
3) then work with the tag parameters, accordingly we remove everything that is not a normal URL, and if possible, get rid of the tag if suddenly the URL is “unsafe” (I think only those that start with http:/ should be considered safe URLs / or https://, well, in extreme cases - ... in general, it's up to you)

Report
X
Xrizolin, 2018-07-12
@Xrizolin

https://www.owasp.org/index.php/XSS_(Cross_Site_Sc...
And just in case, after checking the sources, run it over the scanner.
For example , https://metascan.ru

Similar questions
P
Paul Fawkes2019-09-16 21:24:58
Why don't xamarin buttons work? 3Reply
J
Jura Semenenko2018-10-21 20:16:21
Session storage React, Firebase. How to organize? 1Reply
A
asqwerty2021-12-24 14:00:23
Component question? 1Reply
M
mr jeery2018-10-24 21:06:53
How to pass JWT header to Swagger request? 0Reply
R
roaddd2021-12-26 04:33:57
How to use .env variables in scss? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question