If I use XSS, what’s the difference between typing in ALERT(‘DSSA’);, or just pasting it into a search text field? On a site, typing works and makes the alert, but if I just paste it, then it doesn’t. To prevent the question, I don’t want to hack any site, I’m just interested in network security.
Thanks for the answer.
This will be because the programmer who built the website is lazy and hasn’t listened for the onpaste event. Typing fires the onkeydown, onkeypress and onkeyup events, and are the standard events to consider when watching for user input. It would seem those are the only events the programmer has listened for (which makes this irrelevant of network security).
If this is not the case, then he’ll be using two different event handlers for the events; one which escapes the input, and in the other he’s forgotten.
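The two wirings described in the answer above, next to a consistent one, as an added example that is not part of the original thread. The field model, the function names (`simulate`, `wireKeysOnly`, `wireTwoHandlers`, `wireConsistent`, `run`) and the simplified event sequences (a context-menu paste with no key events) are assumptions; it runs in Node 16+ or a browser console.

```javascript
// Encode for an HTML text context; applied where the value is rendered.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical search field: an EventTarget that carries a value.
function makeField() {
  const field = new EventTarget();
  field.value = '';
  return field;
}

// Simplified model (assumption): typing fires key events plus "input";
// a context-menu paste fires "paste" plus "input" and no key events.
function simulate(field, text, how) {
  field.value = text;
  const names = how === 'typed' ? ['keydown', 'keyup', 'input'] : ['paste', 'input'];
  for (const name of names) field.dispatchEvent(new Event(name));
}

// Case 1 from the answer: only key events are handled, so a paste is never processed.
function wireKeysOnly(field, sink) {
  field.addEventListener('keyup', () => sink.push(field.value)); // rendered unescaped
}

// Case 2 from the answer: two handlers, and only one of them escapes.
function wireTwoHandlers(field, sink) {
  field.addEventListener('keyup', () => sink.push(field.value));             // escaping forgotten
  field.addEventListener('paste', () => sink.push(escapeHtml(field.value))); // escapes
}

// Consistent wiring: one handler on "input", which fires for both paths,
// with the encoding done at the point of rendering.
function wireConsistent(field, sink) {
  field.addEventListener('input', () => sink.push(escapeHtml(field.value)));
}

// Returns what would have been rendered for the given wiring and input path.
function run(wire, text, how) {
  const field = makeField();
  const sink = [];
  wire(field, sink);
  simulate(field, text, how);
  return sink;
}

const SAMPLE = '<b>hi</b>'; // constructed, harmless markup
console.log(run(wireTwoHandlers, SAMPLE, 'typed'), run(wireTwoHandlers, SAMPLE, 'pasted'));
console.log(run(wireConsistent, SAMPLE, 'typed'), run(wireConsistent, SAMPLE, 'pasted'));
```

Encoding in the client-side handler only keeps the page's own rendering consistent; a value that reaches the server still has to be encoded wherever the server writes it into a response.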