How to avoid an XSS vulnerability in an HTML FORM? [closed]

1

How can I avoid XSS vulnerabilities in a form that uses the <form> </form> tag in HTML? Is there any good practice for building the HTML code to avoid them?

    
asked by anonymous 16.12.2014 / 16:10

1 answer

2

XSS does not have to do with the form tag in particular. Fundamentally, the problem arises when you include some user-controllable text somewhere that will be interpreted as HTML rather than as text. The solution is that, when producing HTML, you escape all special characters in data that is text but is being inserted into your document (both inside a tag and in attributes). You also have to be careful not to pass user data to script tags or to the eval function.

This page has a very comprehensive description of XSS and how to avoid the problem: link

    
16.12.2014 / 17:23
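
The escaping described in the answer above, as an added example that is not part of the original answer: the same form template built once by plain concatenation and once with every user-controlled value escaped. The function names and the sample inputs are constructed for illustration.

```javascript
// Added example: all names and sample inputs here are constructed.

// Characters that change meaning in HTML text or in a quoted attribute value.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape a value so the browser treats it as text, never as markup.
// A single pass avoids double-escaping the "&" of an entity just produced.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: user data is concatenated straight into the markup,
// both as element text and as an attribute value.
function renderFormUnsafe(name) {
  return `<form method="post"><p>Hello, ${name}</p>` +
         `<input type="text" name="name" value="${name}"></form>`;
}

// Hardened: same template, but every user-controlled value is escaped
// and the attribute value is always enclosed in double quotes.
function renderFormSafe(name) {
  const safe = escapeHtml(name);
  return `<form method="post"><p>Hello, ${safe}</p>` +
         `<input type="text" name="name" value="${safe}"></form>`;
}

// Constructed inputs: one tries to open a tag, one tries to close the
// attribute and add an event handler.
const tagInput = '"><script>alert(1)</script>';
const attrInput = '" onfocus="alert(1)';

for (const input of [tagInput, attrInput]) {
  console.log("unsafe:", renderFormUnsafe(input));
  console.log("safe:  ", renderFormSafe(input));
}
```

Escaping of this kind covers element text and quoted attributes only; it does not make a value safe to place inside a script tag or to pass to eval, which is why the answer says to keep user data out of those.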