Modelo:XSS alert/doc

De GeoGebra Manual
< Modelo:XSS alert
Revisión feita o 22 de xaneiro de 2011 ás 04:10 por Zbynek (Conversa | contribucións)
(dif) ← Revisión máis antiga | Revisión actual (dif) | Revisión máis nova → (dif)
Edit-copy green.svg
 This is a documentation subpage for Modelo:XSS alert (see that page for the modelo itself).
It contains usage information, categories, interlanguage links and other content that is not part of the original modelo page.

Template:XSS alert/doc

Description
Adds an alert box describing a Cross-site scripting vulnerability in including Extension page. Also adds including page to mw:Category:Extensions with XSS vulnerabilities
If your extension was tagged with this template please read
Example
{{XSS alert|~~~~}}
Creates
 WARNING: the code or configuration described here poses a major security risk.

Problem: Vulnerable to Cross-site scripting attacks, because it passes user input directly to the browser. This may lead to user accounts being hijacked, among other things.
Solution: strictly validate user input and/or apply escaping to all characters that have a special meaning in HTML

Signed: Duesentrieb 13:43, 22 March 2007 (UTC)
Traído desde "http://wiki.geogebra.org/s/gl/index.php?title=Modelo:XSS_alert/doc&oldid=89"
© 2024 International GeoGebra Institute