How to Stay Safe While Using HTML APIs
An example of this is the search box. When a user enters a character that is invalid in HTML into the search box, the system does not stop the user from submitting the search request. Instead, it reflects the invalid input back to the user in the response page. To protect against this, validate user input when it is received and escape it before displaying it back to the user. For example, use the following to escape user input before displaying it:

var escaped = escapeHTML(input);

Additionally, you must validate user input before displaying it to the user and call preventXSS(). This can be done using the
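The following is an added example, not code from the original page: a minimal implementation of the escapeHTML() helper the text references, alongside a separate input validator, so that the two controls (validate on input, escape on output) can be run and tested together. The function names escapeHTML, isValidSearchQuery and renderSearchEcho, and the 100-character limit, are assumptions made for this example.

```javascript
// Added example (not the original page's code). Names and limits are assumptions.

// The five characters that can change HTML structure or break out of an attribute.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape untrusted text so the browser treats it as data, not markup.
// Applied at output time, every time, regardless of what validation did.
function escapeHTML(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Validation is an earlier, separate control: reject input that is not a string,
// is unreasonably long, or carries control characters a search term never needs.
const MAX_QUERY_LENGTH = 100; // assumed limit for this example
const CONTROL_CHARS_RE = /[\u0000-\u001f\u007f]/;

function isValidSearchQuery(query) {
  return typeof query === 'string'
    && query.length <= MAX_QUERY_LENGTH
    && !CONTROL_CHARS_RE.test(query);
}

// Build the "You searched for ..." fragment the page reflects back to the user.
// Invalid input is never reflected; valid input is still escaped, because
// validation and escaping are defence in depth, not alternatives.
function renderSearchEcho(query) {
  if (!isValidSearchQuery(query)) {
    return '<p class="error">Invalid search term.</p>';
  }
  return `<p>You searched for: <b>${escapeHTML(query)}</b></p>`;
}

// Constructed sample inputs: a benign term, a term containing markup, a term
// with quotes and an ampersand, and an over-long term.
const samples = ['laptop', '<b>bold</b>', '"Fish & Chips"', 'a'.repeat(101)];
for (const s of samples) {
  console.log(JSON.stringify(s.slice(0, 20)), '=>', renderSearchEcho(s));
}

module.exports = { escapeHTML, isValidSearchQuery, renderSearchEcho };
```

The markup-bearing term reaches the page as visible text (`&lt;b&gt;bold&lt;/b&gt;`), which is the behaviour the search box above lacks.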
Timeline
Published on: 11/15/2022 15:15:00 UTC
Last modified on: 11/16/2022 19:43:00 UTC