Highest Voted 'html-injections' Questions

65

votes

8 answers

Preventing HTML and Script injections in Javascript

Assume I have a page with an input box. The user types something into the input box and hits a button. The button triggers a function that picks up the value typed into the text box and outputs it onto the page beneath the text box for whatever…

asked Dec 31 '13 at 10:02

lorless

4,126
8
30
41

9

votes

0 answers

How do I escape HTML by default in Liquid?

I know that it's possible to escape HTML in liquid by using the escape filter # cthulhu is "blink" {{ cthulhu || escape }} but is it possible to make liquid escape the HTML in all variables by default? I know that Rails escapes all…

ruby-on-rails ruby liquid html-injections

asked Jan 24 '17 at 23:40

Andrew Grimm

78,473
57
200
338

8

votes

3 answers

Passing authentication token in header while redirecting to a new SPA page

Assume these: A -----------------------> B (Sender website) (Angular website) We implemented a normal Angular SPA (B) that its index.html and other resources are simply hosted in IIS and there is a simple rewrite rule for handling…

angular iis jwt http-post html-injections

asked Mar 05 '20 at 23:52

Ahmad Behzadi

1,006
15
30

8

votes

3 answers

HTML injection into someone else's website?

I've got a product that embeds into websites similarly to Paypal (customers add my button to their website, users click on this button and once the service is complete I redirect them back to the original website). I'd like to demo my technology to…

html demo html-injections

asked Mar 05 '14 at 15:26

Gili

86,244
97
390
689

5

votes

2 answers

RuntimeError: main thread is not in main loop using Matplotlib with Django

I am creating a Matplotlib figure to display in a HTML template in my Django application. I send this figure to the HTML by saving it under my static files, and then loading an img tag with the saved .png. I do this in my views.py after getting a…

python django matplotlib django-templates html-injections

asked May 03 '18 at 14:40

Ahmad

402
5
11

4

votes

2 answers

How to inject HTML code safely (avoid HTML injection)

In our enterprise software we allow customers to supply their own HTML to customize the ‘Contact’ and ‘Legal’ pages of the app. Its a nice feature, but as our app knows nothing specific about the app which actually provides the HTML, I was wondering…

html dom xss code-injection html-injections

asked Nov 03 '20 at 22:42

Chrissi Grilus

1,099
2
9
21

4

votes

2 answers

Why these 5 (6?) characters are considered "unsafe" HTML characters?

In PHP, there is a function called htmlspecialchars() that performs the following substitutions on a string: & (ampersand) is converted to & " (double quote) is converted to " ' (single quote) is converted to ' (only if the flag…

html escaping code-injection javascript-injection html-injections

asked Mar 10 '17 at 22:14

Pedro A

3,989
3
32
56

3

votes

1 answer

How is HTML injection possible in this domxss.com challenge

OWASP's testing for HTML injection page (link) shows a particular code that is supposed to be vulnerable to HTML injection.

Questions tagged [html-injections]