Hacker News
by
bennofs
3618 days ago
Why is blacklisting not safe, assuming you contextually blacklist?
2 comments
moloch
3618 days ago
There are a huge number of contextual corner cases; this cheat sheet lists just a few:
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_She...
tedunangst
3618 days ago
I don't understand what that page is trying to tell me. What is the "filter" that <body onload=alert()> evades?
strommen
3618 days ago
Read this:
https://stackoverflow.com/questions/5696244/is-escaping-and-...