By Romain Garcia on March 7, 2023 in category Ethical Hacking

To fix an XSS in formatted text, it is not possible to simply HTML-encode the data: encoding turns every tag into literal text and removes all possibility of formatting. This is where the "sandbox" attribute of the HTML "iframe" tag makes our life easier. Contrary to what one might expect, "sandbox" does not clean or filter the markup inside the iframe: the user's HTML is rendered as is, harmless formatting tags included. What the attribute does is strip the framed document of the capabilities an attacker needs. With an empty value (sandbox="") scripts are not executed, forms cannot be submitted, plugins are disabled, the frame cannot navigate the parent page, and the document gets an opaque origin, so even if something did run it could not read the parent's cookies, storage or DOM. The protection holds only as long as you do not hand those capabilities back: in particular, never combine allow-scripts with allow-same-origin on untrusted content, since a script in the frame could then simply remove the sandbox attribute from its own iframe.
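As an added example (not code from the original article), the following function wraps untrusted formatted HTML in a sandboxed iframe using the srcdoc attribute. The function names are hypothetical, and the code assumes the tag is generated server-side or in a template before the page is sent to the browser; the list of sandbox flags it is willing to grant is an assumed policy, not part of the article.

```javascript
// Added example, not code from the original article.
// Renders untrusted formatted HTML inside <iframe sandbox srcdoc="..."> so the
// user's markup is displayed but cannot run scripts or reach the parent page.

const ATTR_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// srcdoc is an HTML attribute, so the untrusted document must be
// attribute-encoded to keep it from breaking out of the quotes. The browser
// decodes these entities once when it parses the outer page and only then
// parses the result as the frame's document, so the <b>, <i>, <ul>... tags
// the user wrote are rendered normally inside the frame.
function escapeAttr(value) {
  return String(value).replace(/[&<>"']/g, (c) => ATTR_ESCAPES[c]);
}

// Assumed policy: the only sandbox flags we are prepared to hand out for
// user content. Everything else (allow-scripts, allow-same-origin,
// allow-top-navigation, ...) is refused because each one gives back a
// capability this design relies on removing. For a comment box you would
// normally pass no flags at all and get sandbox="", the most restrictive form.
const GRANTABLE_FLAGS = new Set(['allow-popups']);

// Hypothetical helper: returns the iframe tag as a string.
function sandboxedFrame(untrustedHtml, flags = []) {
  for (const flag of flags) {
    if (!GRANTABLE_FLAGS.has(flag)) {
      throw new Error(`refusing sandbox flag "${flag}" for untrusted content`);
    }
  }
  const sandbox = escapeAttr(flags.join(' '));
  return `<iframe sandbox="${sandbox}" srcdoc="${escapeAttr(untrustedHtml)}"></iframe>`;
}

// Constructed sample input: formatting the user is allowed to keep, plus an
// injected script and an attempt to close the srcdoc attribute early.
const SAMPLE_COMMENT = '<b>hi</b><script>alert(1)</script>"><img src=x onerror=alert(2)>';

console.log(sandboxedFrame(SAMPLE_COMMENT));
```

Two practical notes. First, the wrapper sanitises nothing: the injected script tag is still inside the frame, it just cannot execute there, and the attribute encoding is what stops the `">` from breaking out of srcdoc into the parent page. Second, when the iframe is created in the browser rather than in a template, assign the `sandbox` and `srcdoc` properties directly on the element instead of building a string; property assignment needs no entity encoding, which removes the most common mistake in this pattern.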