Why use a whitelist for HTML sanitizing?

野趣味 2020-12-06 18:39

I've often wondered -- why use a whitelist as opposed to a blacklist when sanitizing HTML input?

How many sneaky HTML tricks are there to open XSS vulnerabilities?

7 answers
  •  时光说笑
    2020-12-06 18:57

    Even though script tags and frame tags are not allowed, you still can put any tag like this

    mouse over this
    

    and it works in many browsers.
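
An added example (not part of the original question or answer) contrasting the two approaches with Python's standard-library `html.parser`: a blacklist that strips `script` and frame tags passes an event-handler attribute on another tag straight through, while a whitelist drops it because it was never permitted. The tag and attribute sets, the function names and the sample input are assumptions constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

BLOCKED_TAGS = {"script", "iframe", "frame"}   # blacklist: tags to strip
ALLOWED = {"b": set(), "i": set(), "p": set(), "div": set(), "a": {"href"}}  # whitelist: tag -> attributes
SAFE_SCHEMES = ("http://", "https://", "mailto:")
RAW_TEXT = ("script", "style")                 # elements whose body is code, not text

class _Rewriter(HTMLParser):  # re-serialises only what the policy callbacks accept
    def __init__(self, keep_tag, keep_attr):
        super().__init__(convert_charrefs=True)
        self.keep_tag, self.keep_attr, self.out, self.skip = keep_tag, keep_attr, [], 0

    def handle_starttag(self, tag, attrs):
        if not self.keep_tag(tag):
            self.skip += tag in RAW_TEXT       # also drop the body of a removed script/style
            return
        kept = [(k, v or "") for k, v in attrs if self.keep_attr(tag, k, v or "")]
        attr_s = "".join(f' {k}="{escape(v)}"' for k, v in kept)
        self.out.append(f"<{tag}{attr_s}>")

    def handle_endtag(self, tag):
        if self.keep_tag(tag):
            self.out.append(f"</{tag}>")
        elif tag in RAW_TEXT and self.skip:
            self.skip -= 1

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def _run(html, keep_tag, keep_attr):
    parser = _Rewriter(keep_tag, keep_attr)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)

def _allowed_attr(tag, name, value):
    # Anything not listed for this tag is dropped, which covers every on* handler.
    ok_url = name != "href" or value.strip().lower().startswith(SAFE_SCHEMES)
    return name in ALLOWED[tag] and ok_url

def blacklist_sanitize(html):
    return _run(html, lambda t: t not in BLOCKED_TAGS, lambda t, k, v: True)

def whitelist_sanitize(html):
    return _run(html, lambda t: t in ALLOWED, _allowed_attr)

# Constructed sample input
SAMPLE = '<div onmouseover="alert(1)">mouse over this</div><script>alert(2)</script><b>hi</b>'
```

On `SAMPLE`, `blacklist_sanitize` removes the `script` element but returns the `div` with its handler intact, whereas `whitelist_sanitize` returns the `div` with no attributes.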
