I got the below error when I was testing my mobile application. How can I resolve this XSS error?
The value of the q request parameter is copied into the HTML document as plain text between tags. The payload 2906f<script>alert(1)</script>b08ffac3085 was submitted in the q parameter. This input was echoed unmodified in the application’s response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application’s response.
You encode it for HTML before you put it in the HTML document.
With JavaScript (since that is the only language you’ve mentioned), that generally means using createTextNode instead of innerHTML.
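An added example, not code from the question or the answer, contrasting the two fixes the answer names: HTML-encoding the q value before it goes into the document, and inserting it as a text node on the client. The scanner's payload is reused as constructed sample input, and the doc parameter is an assumption so the function can run outside a browser.

```javascript
// Server- or template-side fix: encode the HTML metacharacters so the browser
// renders the reflected q value as text instead of parsing it as markup.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Client-side fix: never hand untrusted input to innerHTML. A text node carries
// the characters literally, so "<script>" is displayed, not executed.
// `doc` defaults to the real document; a stand-in can be passed for testing.
function renderQueryAsText(container, q, doc = document) {
  container.textContent = '';                              // clear old content
  container.appendChild(doc.createTextNode('You searched for: ' + q));
  return container.textContent;
}

// The pattern the scanner flagged, kept only for contrast: the payload is
// parsed as markup and the injected script element is created.
function renderQueryUnsafe(container, q) {
  container.innerHTML = 'You searched for: ' + q;          // vulnerable
}

// Constructed sample input: the exact payload from the scanner report.
const SAMPLE_PAYLOAD = '2906f<script>alert(1)</script>b08ffac3085';
```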