This is only too true! At work we do CRUD projects, which means user input gets stored in the database. I almost always break other people's work by adding HTML tags to the inputs, navigating back to the page, and seeing markup that shouldn't be there. Even database output needs to be sanitized.



Database output is application input. All forms of input need to be sanitized, period.


Same here. It is surprising how many times I've done that over the years, and people are surprised at how easy it was but easily convince themselves that "it'll be all right" somehow and that they'll fix it later...
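The point the commenters are making, that text read back from the database is still untrusted and must be escaped at the moment it is written into HTML, is shown below as an added example. It is not code from any commenter; the in-memory `Map` standing in for a database table, the `renderProfileUnsafe`/`renderProfileSafe` functions and the `containsForeignTag` check are all constructed for this illustration.

```javascript
// Added example (not from the thread): a minimal in-memory "database" and two
// renderers, one that trusts stored text and one that escapes it at output time.

// The five characters that matter in HTML text and attribute contexts.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape a value for insertion into an HTML text node or double-quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Constructed stand-in for a "users" table keyed by user id.
const db = new Map();

// Store the display name exactly as submitted. Nothing is escaped here on
// purpose: the database is storage, not the place where output encoding belongs,
// and escaping on input would corrupt the data for non-HTML consumers (JSON, CSV).
function saveDisplayName(userId, name) {
  db.set(userId, name);
}

// The "before" case: stored text interpolated straight into markup, so any tags
// the user typed are rendered as markup instead of as text.
function renderProfileUnsafe(userId) {
  return `<p class="name">${db.get(userId)}</p>`;
}

// The "after" case: the same template, but the stored value is treated as input
// and escaped at the point where it meets HTML.
function renderProfileSafe(userId) {
  return `<p class="name">${escapeHtml(db.get(userId))}</p>`;
}

// Rough check used only for the demonstration: after stripping the wrapper the
// template itself emitted, does anything that looks like a tag remain?
function containsForeignTag(html) {
  const inner = html.replace(/^<p class="name">/, '').replace(/<\/p>$/, '');
  return /<[a-z!/]/i.test(inner);
}

// Constructed sample: a display name containing markup, as a tester might submit.
saveDisplayName(1, '<b>Alice</b>');
console.log('unsafe:', renderProfileUnsafe(1)); // tags survive into the page
console.log('safe:  ', renderProfileSafe(1));   // tags appear as literal text
```

The practical rule this demonstrates is "escape on output, for the context you are writing into": the same stored string needs HTML escaping when it goes into a page, parameter binding when it goes into SQL, and no escaping at all when it is returned as JSON.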



