XSS - cross-site scripting
What is the difference between XSS and CSRF?
- XSS involves causing a website to return malicious JavaScript, while CSRF involves inducing a victim user to perform actions they do not intend to perform.
What is the difference between XSS and SQL injection?
- XSS is a client-side vulnerability that targets other application users, while SQL injection is a server-side vulnerability that targets the application's database.
How do I prevent XSS in PHP?
- Filter your inputs with a whitelist of allowed characters and use type hints or typecasting. Escape your outputs with htmlentities and ENT_QUOTES for HTML contexts, or JavaScript Unicode escapes for JavaScript contexts.
How do I prevent XSS in Java?
- Filter your inputs with a whitelist of allowed characters and use a library such as Google Guava to HTML-encode your output for HTML contexts, or use JavaScript Unicode escapes for JavaScript contexts.
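
The PHP answer above, worked through as an added example (not code from the original page): an allowlist input filter, typecasting, and output escaping chosen per context. The function names, the display-name allowlist pattern and the sample inputs are assumptions made for illustration, and `esc_js` assumes the mbstring extension is loaded.

```php
<?php
declare(strict_types=1);

// Allowlist input filter (assumed policy): letters, digits, space, dot,
// underscore and hyphen, 1 to 64 characters. Anything else is rejected.
function filter_display_name(string $raw): ?string
{
    return preg_match('/\A[\p{L}\p{N} ._-]{1,64}\z/u', $raw) === 1 ? $raw : null;
}

// HTML context (element body or quoted attribute value).
// ENT_QUOTES encodes both " and ' so the value cannot close an attribute.
function esc_html(string $s): string
{
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// JavaScript string-literal context: every UTF-16 code unit that is not an
// ASCII letter or digit becomes a \uXXXX escape, so quotes, backslashes,
// '<' and '/' cannot end the string or the surrounding <script> element.
function esc_js(string $s): string
{
    if ($s === '') {
        return '';
    }
    $out = '';
    $utf16 = mb_convert_encoding($s, 'UTF-16BE', 'UTF-8');
    foreach (str_split($utf16, 2) as $unit) {
        $code = unpack('n', $unit)[1];
        $out .= ($code < 128 && ctype_alnum(chr($code)))
            ? chr($code)
            : sprintf('\\u%04X', $code);
    }
    return $out;
}

// Constructed sample inputs, standing in for $_GET['name'] and $_GET['page'].
$input = '"><script>alert(1)</script>';
$page  = (int) '2abc';                           // typecast: only an integer survives

// Input side: the allowlist rejects the markup, so a safe default is used.
$name = filter_display_name($input) ?? 'guest';

// Output side: escape for the context even when the value was already filtered.
echo '<p title="', esc_html($input), '">', esc_html($name), " (page $page)</p>\n";
echo '<script>var requested = "', esc_js($input), "\";</script>\n";
```

The filter and the escapers are independent layers: the allowlist limits what is stored or processed, while the escaper matching the output context is what keeps a value from being interpreted as markup or script.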