Sunday, December 16, 2012

python – Preventing a security breach

I am creating a website where you "post", and the form content is saved in a MySQL database, and upon loading the page, is retrieved, similar to Facebook. I construct all the posts and insert raw HTML into a template. The thing is, as I was testing, I noticed that I could write JavaScript or other HTML into the form and submit it, and upon reloading, the HTML or JS would be treated as source code, not a post. I figured that some simple encoding would do the trick, but using <form accept-charset="utf-8"> is not working. Is there an efficient way to prevent this type of security hole?















via Javascript ASK http://javascriptask.phpfogapp.com/python-preventing-a-security-breach.html
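
The rendering step described in the question, as an added example that is not part of the original post: stored text pasted into a template as markup, next to the same template with every value HTML-escaped at output time. The template, function names and sample rows are assumptions made up for illustration. The accept-charset attribute only selects the character encoding used for the form submission, so it has no effect on how stored text is interpreted when the page is rendered.

```python
import html

# Constructed sample rows, standing in for what the database query returns.
SAMPLE_POSTS = [
    {"author": "alice", "body": "Hello, world!"},
    {"author": "bob", "body": "<script>alert(1)</script>"},
    {"author": 'dave "the dev"', "body": "5 < 6 && 7 > 2"},
]

# Hypothetical template: one value lands in an attribute, one in element text.
POST_TEMPLATE = '<div class="post" data-author="{author}"><p>{body}</p></div>'


def render_post_raw(post):
    """Pattern from the question: stored text is inserted as raw HTML."""
    return POST_TEMPLATE.format(author=post["author"], body=post["body"])


def render_post_escaped(post):
    """Escape every stored value when it is written into the page.

    html.escape(quote=True) rewrites & < > " ' so the value stays inert both
    as element text and inside a quoted attribute value. The database keeps
    the original text; only the output is encoded.
    """
    return POST_TEMPLATE.format(
        author=html.escape(post["author"], quote=True),
        body=html.escape(post["body"], quote=True),
    )


def render_page(posts, renderer):
    """Join the rendered posts into the fragment handed to the page template."""
    return "\n".join(renderer(post) for post in posts)


if __name__ == "__main__":
    print(render_page(SAMPLE_POSTS, render_post_raw))
    print("---")
    print(render_page(SAMPLE_POSTS, render_post_escaped))
```

Template engines such as Jinja2 can apply the same escaping automatically when autoescaping is enabled, which avoids relying on every call site to remember it.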
