I just have one simple question about XSS attacks. I know that you can prevent them by sanitizing the form inputs, but my question is, how about a search input (a general search on a website, for example)? Should we sanitize search inputs as well? I mean, it's just a search input; the user should be able to search for anything that he/she wants on the website. Please provide me with some clarification on this.
Thank you
Nope, you should prevent them by sanitizing the output. So in the database (or wherever) you need to pass the data as-is, and process it right before you show it to the user.
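A small illustration of the answer above (an added example, not code from the thread): the search term is stored exactly as typed, and HTML-escaping happens only at the point where the page reflects it back. The in-memory store, the hit list and the page layout are constructed for the example.

```python
# Added example: store the raw search term, escape only when rendering HTML.
import html
from html.parser import HTMLParser

# Constructed stand-in for a database: keeps whatever the user typed, untouched.
_search_log: list[str] = []


def store_search_term(term: str) -> str:
    """Persist the raw query. No escaping here: storage is not an HTML context."""
    _search_log.append(term)
    return term


def render_results_page(term: str, hits: list[str]) -> str:
    """Build the HTML that echoes the query; escaping happens at this boundary only.

    quote=True also turns " and ' into entities, so the same escaped value is
    safe both in a text node (<b>...</b>) and inside a quoted attribute value.
    """
    safe_term = html.escape(term, quote=True)
    items = "".join(f"<li>{html.escape(h, quote=True)}</li>" for h in hits)
    return (
        "<p>Results for: <b>" + safe_term + "</b></p>"
        '<input name="q" value="' + safe_term + '">'
        "<ul>" + items + "</ul>"
    )


class _TagCollector(HTMLParser):
    """Records every start tag a browser-like parser would see in the markup."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(markup: str) -> list[str]:
    """Return the tags actually parsed from the page: only our own should appear."""
    collector = _TagCollector()
    collector.feed(markup)
    return collector.tags
```

Searching for the raw term later (for example, to show "recent searches") goes through `render_results_page` or the same `html.escape` call again, never through the stored value directly.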