Questions tagged [sanitization]
Data sanitization to prevent code injection
1,140 questions
-2 votes, 0 answers, 59 views
Can CSS inject JS/Text/Elements without using url(), expression() or pseudo selectors?
Can I consider a CSS script or inline styling safe from injection if I parse the content and discard all pseudo-selectors and any pair of css_property=value; when the value contains any of the keywords ...
0 votes, 0 answers, 22 views
How to sanitise and validate JSON input
I currently have an import/export feature of the user's localData.
I'm new with using JSON, and I need help with sanitizing and validation of the data to make this feature safe.
Local data contains ...
0 votes, 0 answers, 54 views
How to dump quotes while keeping protection against XSS attacks in Laravel
I have a series of user-input string fields that have to accept ' and ", and I have to present them correctly in a blade view.
I would like to know if it would be secure (and what issues can I ...
0 votes, 0 answers, 64 views
RDKit - How can we print problematic molecules and their issues together?
I got the error messages using RDKit.Chem.
[14:21:42] Can't kekulize mol. Unkekulized atoms: 3 5 6 7 9 10
[14:21:42] Can't kekulize mol. Unkekulized atoms: 3 5 6 7 10 11
[14:21:48] Explicit valence ...
0 votes, 0 answers, 25 views
WordPress not sanitizing double quotes in image alt text fields causing pages to break
Currently, when users put double quotes in the alt text field for an image in the media library or within the ACF edit window, those quotes get saved to the database within the alt field and rendered ...
-1 votes, 1 answer, 63 views
ORM or middleware sanitization level? [closed]
I'm currently developing a web application with Nest.JS as the backend framework.
I would like to sanitize values to avoid potential XSS attacks (package sanitize-html).
Should I put sanitization on a ...
0 votes, 0 answers, 68 views
Am I sanitizing the input properly in my functions.php?
I am creating a WordPress website, using Divi Builder for the design + some PHP for additional functionality in the back-end. Right now I am developing custom Divi modules, whose purpose will be to ...
1 vote, 0 answers, 59 views
Most strict DOMPurify configuration?
I used the default DOMPurify (https://github.com/cure53/DOMPurify/tree/main) configuration for input sanitization in JavaScript, but noticed that tags like "h3" are allowed. I was wondering ...
2 votes, 2 answers, 88 views
How to restrict user from running queries that change data
I have a large Java based application that uses connection pooling to access the underlying database for all sorts of CRUD and reporting operations. The application also provides a database query ...
-1 votes, 1 answer, 62 views
When to sanitize/encode while implementing a tag system like on SO
In my development I have a tag system that closely matches the one SO has. It also allows non-Latin characters.
A user can enter a new tag and it is saved to the DB.
Existing tags are shown to the ...
0 votes, 1 answer, 45 views
How to sanitise the request body in Spring Boot if some attributes contain these values
Is there any library available to encode these if present as values, e.g. they can be HTML attributes, JS events, scripts, expressions evaluating to true? Though it should escape values like ">50000&...
0 votes, 0 answers, 40 views
Is it possible to prevent an Angular Custom Element from sanitizing the whole DOM tree during its load?
I have an ascx control where I'm using an Angular Custom Element like this:
<Content>
<my-custom-el></my-custom-el>
<script defer type="text/javascript" src=&...
0 votes, 0 answers, 161 views
Checkmarx Scans Won't Recognize Any Sanitization Methods in Node/Express
I have a Node.js Express app and I'm running a Checkmarx scanning tool on it. It is flagging things like request.path and request.url and saying that "The element's value flow through the code ...
-1 votes, 4 answers, 166 views
Why doesn't preventDefault() of an input event stop changes to the value of a form element
This question has been asked and answered before; none of the previous answers given here seem to fix my situation. Therefore I need to ask, once again, why isn't the event prevented correctly?
...
0 votes, 0 answers, 78 views
Securely validating/sanitizing user input when using SQL Server's CONTAINS() predicate
I've got a table in SQL Server with a full-text index on an NVARCHAR column, and I want my website's users to be able to search through the table for data that matches their search string. I want to ...