How to avoid an XSS vulnerability in an HTML FORM? [closed]

Question

How to avoid an XSS vulnerability in an HTML FORM? [closed]

Navigation

#1 by (2 votes)

1

How to avoid having XSS vulnerabilities in a form, using the <form> </form> tag in HTML? Is there any good practice in building HTML code to avoid it?

javascript html xss

asked by anonymous 16.12.2014 / 16:10

1 answer

Using functions as parameters for other functions is slower? How to make blog posts appear on the page when you click on the menu? [closed]

score 2 · Answer 1

XSS does not have to do with the particular form tag. Fundamentally, the problem is when you include some user-controllable text somewhere that will be interpreted as HTML rather than text. The solution to this is when producing HTML you escape all special data characters that are text but are being inserted into your document (both inside a tag and in attributes). Also you have to be careful not to pass user data to script tags or to eval function.

This page has a very comprehensive description of XSS and how to avoid the problem: link