Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
K
K
komarevtsev2017-07-21 09:38:05
JavaScript
komarevtsev, 2017-07-21 09:38:05

XSS on page for internal use?

I want to use <code> tag in internal use page to view user data.
How much will this tag protect against xss?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
S
Stalker_RED, 2017-07-21
@Stalker_RED

If there is no escaping or filtering besides the <code> tag, then it will not help at all. Nobody hinders to write </c⁠ode>alert(1);
And if there is a normal screening of an output that and <code> is not obligatory.

Report
S
sim3x, 2017-07-21
@sim3x

No
sanitizing of user input is done before saving to the database

Similar questions
E
Evgeny Zhurov2017-04-05 17:19:26
How to get select value changed in real time? 2Reply
F
Fyodor Buzinov2015-04-14 12:52:57
Nginx: redirect from https to http? 5Reply
X
xmoonlight2019-09-11 19:35:03
Development of OS update policy ideology: is it necessary and how often? 4Reply
A
Albadur2019-09-16 22:10:11
How to install a site on Django in the ISPmanager panel? 3Reply
U
Utopia2015-04-23 02:42:24
How is the messenger connection and network operation implemented? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question