HTML - Escape / Sanitizer

A sanitizer is a program that will:

This is done to prevent script injection, and the sanitizer must run on the server side (i.e. not in the client) so that every input is validated or transformed.

Example of sanitizing

Input:  <img src=x onerror=alert(1)//>
Output: <img src="x">

Delete the onload and make the SVG XHTML conformant

Delete the iframe

Delete the script node

Make the HTML conformant
Input:  <UL><li><A HREF=//>click</UL>
Output: <ul><li><a href="//">click</a></li></ul>
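As an added example (not the page's own code), a minimal allowlist sanitizer built on Python's standard-library parser that performs the transformations listed above: it drops on* event handlers, deletes script and iframe elements together with their content, re-emits attributes quoted and closes tags left open. The allowlist, the void-element set and the URL-scheme check are my assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist: element -> attributes it may keep. No on* handler is ever listed.
ALLOWED = {"a": {"href", "title"}, "img": {"src", "alt"}, "ul": set(), "ol": set(),
           "li": set(), "p": set(), "b": set(), "i": set(), "br": set()}
VOID = {"img", "br"}                                   # elements that take no closing tag
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src"}
SAFE_URL_PREFIXES = ("http:", "https:", "mailto:", "/", "#")
def _safe_url(value):
    v = value.strip().lower()   # relative URLs pass; javascript:, data:, vbscript: do not
    return v.startswith(SAFE_URL_PREFIXES) or ":" not in v

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.stack, self.skip = [], [], 0  # output, open tags, drop depth

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1                              # swallow element and its content
            return
        if self.skip or tag not in ALLOWED:             # unknown element: keep only its text
            return
        kept = [f' {n}="{escape(v, quote=True)}"' for n, v in attrs
                if n in ALLOWED[tag] and v is not None
                and (n not in URL_ATTRS or _safe_url(v))]
        self.out.append(f"<{tag}{''.join(kept)}>")      # attributes re-emitted quoted
        if tag not in VOID:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.stack:       # close everything opened since
            while (open_tag := self.stack.pop()) != tag:
                self.out.append(f"</{open_tag}>")
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text is re-escaped, never raw

def sanitize(html):
    s = Sanitizer()
    s.feed(html)
    s.close()
    s.out.extend(f"</{t}>" for t in reversed(s.stack))  # close tags left open
    return "".join(s.out)
```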


