Why use a whitelist for HTML sanitizing?
I\'ve often wondered -- why use a whitelist as opposed to a blacklist when sanitizing HTML input?
How many sneaky HTML tricks are there to open XSS vulnerabilities?
I\'ve often wondered -- why use a whitelist as opposed to a blacklist when sanitizing HTML input?
How many sneaky HTML tricks are there to open XSS vulnerabilities?
