To fix an XSS on formatted text, it is not possible to simply encode the data, as this would remove all possibility of text formatting. This is where the "sandbox" attribute of the HTML "iframe" tag makes our life easier. This attribute is designed to automatically neutralize anything dangerous in the iframe's content, while keeping the harmless HTML tags.
Our latest articles
Fix XSS on formatted text with iframe sandbox
By Romain Garcia on 03/07/2023 in the Ethical Hacking category

Why perform a penetration test
By Romain Garcia on 02/12/2023 in the Ethical Hacking category

A penetration test is a form of security audit that consists of trying to hack a system (web application, servers, company network...) using the same tools as a real attacker.
Latest articles
- 5 cybersecurity mistakes that small businesses still make too often
- Understanding and protecting against XSS (Cross-Site Scripting) vulnerabilities
- What is an intrusion test? The essentials in 5 minutes
- Pentest in production or in a test environment: which is better?
- Penetration test: what to expect and how to prepare