Hey,
Basically, this is a library that offers its own functionality to escape special characters and HTML edge cases to prevent different kinds of XSS. In regards to usage, they have pretty straightforward instructions.
Don't know whether this is the best tool for the job but I can't recommend anything else since I'm not aware of any.
It's good that you care, understand the risk, and try to prevent the damage from happening.
Good luck
Hi )
I connected everything to protection.
How can I validate the form?
I want to check whether my protection is working or not.
If I paste this into the alert (document.cookie) form it will be sent to my mail. I will not see any JavaScript code displayed.
I need a method to test my XSS protection.
In other words, what I need to do is to make an XSS attack on my form so that I can see if my defense has worked or not.
I hope I have explained it clearly.
I am sorry my English is bad.
Like I mentioned earlier, you probably want to learn the basics on your own and then validate your protection by "attacking" your own page. Here's a great video with explanations on different techniques. The guy also has a practice area where you can practice what you've learned: youtube.com/watch?v=EoaDgUgS6QA
When you protect something, be aware of what it is you are protecting from. "XSS" is a wide range of techniques that can abuse pages. If you protect from a certain technique - e.g. HTML tags, try exploiting your own form with something like <img src/onerror=alert(1)>.
Here's another cheatsheet by Portswigger where you can see an endless list of methods: portswigger.net/web-security/cross...
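One way to turn the advice above into a repeatable check, as an added example that is not part of the thread and is not the code of the library under discussion: run the strings mentioned here through the protection function and confirm the output can no longer open a tag or break out of a quoted attribute. `escapeHtml`, `stripScriptTags`, `isInert` and `failures` are hypothetical names; swap in whatever function your form handler actually calls.

```javascript
// Added example: all names are hypothetical, not taken from any library in the thread.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escapes the five characters that matter in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Weak protection for comparison: it targets one technique (script elements) only.
function stripScriptTags(value) {
  return String(value).replace(/<script[\s\S]*?<\/script>/gi, "");
}

// True when the output contains no character that can start markup or end a quote.
// This covers HTML text and quoted attributes, not JavaScript or URL contexts.
function isInert(output) {
  return !/[<>"']/.test(output);
}

// Constructed probe set: the two strings quoted in the thread plus ordinary input.
const PROBES = [
  "<img src/onerror=alert(1)>",
  "alert(document.cookie)", // no markup characters, so it is plain text either way
  'Tom & "Jerry" <tom@example.com>',
  "plain text",
];

// Returns the probes that come out of `protect` still carrying live markup.
function failures(protect) {
  return PROBES.filter((input) => !isInert(protect(input)));
}

console.log("escapeHtml failures:", failures(escapeHtml));
console.log("stripScriptTags failures:", failures(stripScriptTags));
```

Run the same probes against the real output path too (the generated e-mail body or page source), since escaping applied in one place says nothing about another.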