by Sirened 1273 days ago
Reminds me of a couple of different crumby """anti-cross-site-scripting""" filters you used to be able to find. They claimed that they'd remove dangerous input so that it would never hit your backend. They did this by deleting any harmful-looking input, which had the fun consequence of turning this invalid input:

     <script<script></script>>alert("hax")</script<script></script>>
into this:

     <script>alert("hax")</script>
which now is an actual hazard. Always amusing when things which were meant to make things better recreate the same problem, just in a worse and harder-to-deal-with way :)
1 comments

Good old <scr<script>ipt> :)
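
The single-pass deletion filter described in the thread above, modelled as an added example that is not part of the original comments, next to HTML output encoding, which deletes nothing and so leaves nothing to reassemble. The function names and the regex are assumptions about how such a filter worked; the two inputs are the strings quoted in the thread.

```javascript
// Added example with hypothetical names; not code from any real filter product.
const SCRIPT_TAG = /<\/?script>/gi;

// Assumed model of the filter: delete tag-looking text in a single pass.
// Whatever surrounded a deleted tag is joined together and never re-checked.
function stripOnce(input) {
  return input.replace(SCRIPT_TAG, '');
}

// Repeating the deletion until nothing changes closes this particular gap,
// but it is still a blocklist that only knows the patterns listed in it.
function stripUntilStable(input) {
  let prev;
  let cur = input;
  do {
    prev = cur;
    cur = stripOnce(prev);
  } while (cur !== prev);
  return cur;
}

// Output encoding for HTML text content: markup characters become inert
// entities, so the result cannot turn into a tag no matter how it was nested.
function escapeHtml(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return input.replace(/[&<>"']/g, (c) => map[c]);
}

// Check used to compare the outputs: does a complete script tag survive?
function hasScriptTag(s) {
  return /<\/?script>/i.test(s);
}

// The two inputs quoted in the thread.
const samples = [
  '<script<script></script>>alert("hax")</script<script></script>>',
  '<scr<script>ipt>',
];

for (const s of samples) {
  const once = stripOnce(s);
  const escaped = escapeHtml(s);
  console.log({ input: s, once, onceHasTag: hasScriptTag(once),
                stable: stripUntilStable(s), escaped, escapedHasTag: hasScriptTag(escaped) });
}
```

Escaping has to match the output context; the function above covers HTML text content and quoted attribute values only.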