|
|
|
|
|
|
by laumars
3755 days ago
|
|
|
> Blacklist input validation as defense against XSS? Are you kidding me? Where are you seeing that? The advice I can see talks about escaping HTML rather than blacklisting input validation: https://www.hacksplaining.com/prevention/xss-stored Unfortunately it doesn't discuss escaping Javascript nor CSS. But it least it covers the most common case. |
|
|