What is a regular expression that can be used to determine if a string is an XSS (cross-site scripting) security risk?
That depends on the context in which that string is being used.
For instance, if the string is being printed out as part of an HTML page, then the special HTML characters <, >, ", and ' can potentially be XSS risks.
If it's being passed around via JSON, then ' and " could potentially be XSS risks.
If it's being included in SQL statements (which it really shouldn't be, at least not directly - use parameterized queries), then things like ; and backticks may be an issue.
Et cetera.
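Since the answer's point is that the risky characters depend on where the string ends up, the usual defence is to encode on output for each context rather than to filter input with a single regex. The following is an added example, not code from the answer; it assumes Node.js, and the SQL part assumes a hypothetical driver that accepts a statement with a ? placeholder plus a separate params array.

```javascript
// Added example (not from the original answer): the safe approach is not a
// detection regex but output encoding chosen for each context the answer lists.
// Runs under Node.js; all sample input below is constructed for illustration.

// HTML body/attribute-value context: entity-encode the characters the answer names
// (plus '&', which would otherwise let encoded text be decoded back into markup).
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// JSON embedded in a <script> block: JSON.stringify already escapes quotes and
// backslashes, but a literal "</script>" inside a JSON string would still end the
// script element, and U+2028/U+2029 are line terminators in JavaScript, so those
// are rewritten as \uXXXX sequences (still valid JSON) before embedding.
function jsonForScript(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// SQL context: no escaping at all; keep the value out of the statement text and
// hand it to the driver as a bound parameter (hypothetical driver shape).
function buildUserLookup(name) {
  return { sql: 'SELECT id FROM users WHERE name = ?', params: [name] };
}

// Render an HTML fragment that uses each encoder in its own context.
function renderProfile(displayName, prefs) {
  return [
    `<h1 title="${escapeHtml(displayName)}">${escapeHtml(displayName)}</h1>`,
    `<script>window.prefs = ${jsonForScript(prefs)};</script>`,
  ].join('\n');
}

// Constructed sample: harmless as data, dangerous if copied into markup unencoded.
const sampleName = '"><script>alert(1)</script>';
const samplePrefs = { theme: 'dark', note: '</script><b>x</b>' };

console.log(renderProfile(sampleName, samplePrefs));
console.log(buildUserLookup("O'Brien"));
```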