
How does a site like SO handle the code we upload and display it without the code causing any harm to the SO server? I am sure that there would be a ton of malicious code that is uploaded. So how can I go about designing a similar system that allows me to safely handle code and display it without compromising the safety of my site?

  • 2
    https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet the main thing to remember is that code is just text. code is only executable if it's in the correct context. displaying `rm -rf /` is just some random characters as far as a browser/webserver is concerned - totally harmless. cut&paste it into a unix shell and suddenly it's incredibly hazardous. – Marc B May 25 '15 at 19:56
  • @Marc B but how do I display the code without letting it execute? Is it just enough to use tags? Is there any simple method to prevent a text block from being executed regardless of what code it contains? – newbiePrgrmr May 25 '15 at 20:03
  • @newbiePrgrmr — Try reading the link in Marc's comment. – Quentin May 25 '15 at 20:04
  • html is for formatting. it has no capability of tagging something as "this is incredibly malicious C code that will trigger nuclear armageddon. don't execute it". that's not html's job. – Marc B May 25 '15 at 20:09
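
An added example, not part of the original thread: it renders a submitted snippet into a `<pre><code>` block with and without HTML entity encoding, the output-encoding rule from the OWASP cheat sheet linked in the comments. The function names and the sample submission are constructed for illustration.

```javascript
// Added example: display user-submitted code as inert text in an HTML page.
// All names and the sample submission below are constructed for illustration.

// Characters that can change the HTML parsing context, mapped to entities.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

// Encode untrusted text for HTML element content or a quoted attribute value.
// This is not sufficient inside <script>, style, or URL contexts.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Tags alone: the submission is concatenated into the markup unchanged, so it
// can close the wrapper and introduce elements of its own.
function renderUnsafe(submitted) {
  return "<pre><code>" + submitted + "</code></pre>";
}

// Tags plus encoding: the parser sees only character data inside the wrapper.
function renderSafe(submitted) {
  return "<pre><code>" + escapeHtml(submitted) + "</code></pre>";
}

// Check for a test suite: does anything inside the wrapper still start a tag?
function containsForeignMarkup(html) {
  const inner = html
    .replace(/^<pre><code>/, "")
    .replace(/<\/code><\/pre>$/, "");
  return /<[a-zA-Z\/!]/.test(inner);
}

// Constructed submission: a shell command followed by text that tries to
// close the code block and open a script element.
const SAMPLE = 'rm -rf /\n</code></pre><script>alert("x")</script>';

console.log("tags only     :", containsForeignMarkup(renderUnsafe(SAMPLE)));
console.log("tags + encoding:", containsForeignMarkup(renderSafe(SAMPLE)));
```

Store the submission as the user typed it and encode at render time, so the same stored text can be encoded correctly for each output context.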

0 Answers