caffeinewriter
1956 days ago
Definitely use a battle-tested HTML sanitization library if possible. There are a million different pitfalls and footguns with XSS. See: some of the insane XSS polyglots out there that can be used for testing.
https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ulti...
2 comments
sammorrowdrums
1956 days ago
Also, the stricter the Content Security Policy, the more XSS holes you can plug.
DarrenDev
1956 days ago
Thanks for the advice. It's number 1 on my list now.