by nomercy400
703 days ago
If you want to avoid XSS attacks, have you tried a CSP header? I know it is more of an output validation, as you restrict what can happen with external scripts. You can only fit so many characters in your exploit, often due to max field lengths, unless you can load some external script.
Disabling loading unknown external scripts with CSP significantly reduces possible attacks, including XSS attacks, because you simply don't have the space.