How to avoid an XSS vulnerability in an HTML FORM?

1

How to avoid XSS vulnerabilities in a form by using the tag <form> </form>, in HTML? Is there any good practice in building HTML code to avoid it?

1 answer

2

XSS is not about the particular form tag. Fundamentally, the problem is when you include some user-controllable text somewhere that will be interpreted as HTML instead of text. The solution to this is that, when producing HTML, you escape all the special characters of data that are text but are being inserted into your document (both within a tag and in attributes). Also, you have to be careful not to pass user data to script tags or functions.

This page has a very comprehensive description of XSS and how to avoid the problem: https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
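The escaping described in the answer above, shown as an added example that is not part of the original answer: the same form template rendered once with raw concatenation and once with every user-controlled value escaped. The function names, the `/profile` action and the sample input are assumptions made for illustration.

```javascript
// Characters that HTML treats as markup or as attribute delimiters.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

// Single-pass replacement, so an "&" produced by escaping is never escaped twice.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable version: user text lands in a text node and an attribute unchanged.
function renderFormUnsafe(name, error) {
  return `<form method="post" action="/profile">
  <p class="error">${error}</p>
  <input type="text" name="name" value="${name}">
  <button type="submit">Save</button>
</form>`;
}

// Hardened version: same template, every user-controlled value escaped and
// every attribute value kept inside double quotes.
// This covers text nodes and quoted attributes only; it does not make it safe
// to place user data inside <script> blocks or event-handler attributes.
function renderFormSafe(name, error) {
  return `<form method="post" action="/profile">
  <p class="error">${escapeHtml(error)}</p>
  <input type="text" name="name" value="${escapeHtml(name)}">
  <button type="submit">Save</button>
</form>`;
}

// Constructed sample input: a submitted name that closes the attribute and
// adds its own markup, plus an error message echoing user text.
const sampleName = '"><b>injected</b>';
const sampleError = "Unknown user <admin> & 'guest'";

console.log(renderFormUnsafe(sampleName, sampleError));
console.log(renderFormSafe(sampleName, sampleError));
```

In the first output the `<b>` element becomes part of the page; in the second the browser shows the submitted characters as literal text inside the field.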
