Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’m trying to filter out all possibilities of XSS from user name input while still allowing for foreign names to be inputted.
What is the best way to white-list all word-characters in multiple languages (also Chinese and Japanese and Russian)?
Is this possible at all? It would be easy to create a blacklist for XSS with “<>><” but then the hackers could work around this.
I think you may be approaching the problem from the wrong direction.
Typically, preventing XSS vulns is a case of ensuring that any user-generated content that you display on your website is properly escaped.
That way you ensure that what is displayed is exactly what the user entered, without having the risk of your whitelist inadvertently letting a few bad cases through.