HTML - Security (Secure applications)

About

This article is about security when writing an application that shows HTML pages.

Because HTML and HTTP are heavily intermixed, this page also carries some content from the HTTP security page.

User content / Sanitizing User Input

HTML is a programming language that can download and run script.

Therefore, you should be extremely careful with user input or with HTML content created by your users.

If you:

  • accept HTML, you might want to look into using an iframe with the sandbox attribute, but security is hard, and that does not seem to be a 100% solution.
  • don't accept HTML, you need to sanitize it by:
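The two branches above, as an added example that is not part of the original page: plain-text user content is escaped before it is placed in the document, while user-supplied HTML is confined in a sandboxed iframe whose `sandbox` tokens come from an allow-list. Function names (`escapeHtml`, `renderComment`, `sandboxAttr`, `sandboxedIframe`) and the sample comments are assumptions made for this example; it runs in Node.js without dependencies.

```javascript
// Added example (not from the original page): escaping user text for HTML
// contexts versus confining user-supplied HTML in a sandboxed iframe.
// All inputs below are constructed samples.

// The five characters that must be escaped for safe insertion into HTML
// element content and into double- or single-quoted attribute values.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape untrusted text so the browser treats it as data, not markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Branch "don't accept HTML": the comment is plain text, so every
// meaningful character is escaped before it is placed in the page.
function renderComment(author, body) {
  return `<li class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</li>`;
}

// Build the value of the iframe sandbox attribute from a small allow-list.
// An empty list is the most restrictive setting: the framed document gets an
// opaque origin, cannot run script, submit forms or open popups.
// The page notes sandboxing is not a complete defence; one concrete reason is
// that allow-scripts together with allow-same-origin lets a framed document
// that is same-origin with the host remove its own sandbox attribute, so
// that pair is refused here.
function sandboxAttr(allowed = []) {
  const known = new Set(['allow-forms', 'allow-popups', 'allow-scripts', 'allow-same-origin']);
  for (const token of allowed) {
    if (!known.has(token)) throw new Error(`unknown sandbox token: ${token}`);
  }
  if (allowed.includes('allow-scripts') && allowed.includes('allow-same-origin')) {
    throw new Error('allow-scripts + allow-same-origin defeats the sandbox');
  }
  return allowed.join(' ');
}

// Branch "accept HTML": the user's markup is delivered through srcdoc of a
// sandboxed iframe. srcdoc is an attribute value, so the HTML must still be
// attribute-escaped; the browser decodes it before parsing the document.
function sandboxedIframe(userHtml, allowed = []) {
  return `<iframe sandbox="${sandboxAttr(allowed)}" srcdoc="${escapeHtml(userHtml)}"></iframe>`;
}

// Render a whole comment list (plain-text branch).
function renderAll(comments) {
  return '<ul>' + comments.map((c) => renderComment(c.author, c.body)).join('') + '</ul>';
}

// Constructed sample inputs: a harmless comment and one carrying markup.
const SAMPLE_COMMENTS = [
  { author: 'alice', body: 'Tom & Jerry <3' },
  { author: 'mallory', body: '<script>document.title="owned"</script>' },
];

console.log(renderAll(SAMPLE_COMMENTS));
console.log(sandboxedIframe('<b>hello</b> from a user page'));
```

The escaped output never contains a literal `<script>` element, and the iframe markup keeps the user HTML inside a quoted `srcdoc` attribute, so it cannot break out of the host page; which sandbox tokens to grant is the policy decision the page warns about.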

Configuration
