Activity 4 Questions

Wyatt Tauber edited this page Nov 24, 2019 · 5 revisions

  • Provide a link to the test cases you generated for this activity.

Travis CI Build #221

  • How do you prevent XSS in this step when displaying the username of the user who uploaded the video?

Special characters that could be used in cross-site scripting are removed from the user display name before it is displayed on the webpage. These special characters are also removed from the video name before it is stored in the database and saved to the server.

  • How do you ensure that users can’t delete videos that aren’t their own?

We perform a two-step check to verify the identity of the user and the owner of the video before allowing deletion. The first step is to verify that the user's session id is a valid session id (thereby verifying authentication). The second step is to verify that the user id of the current user is the user id of the video owner (thereby verifying authorization).
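
The two-step check described above, as an added sketch that is not the project's own code. The in-memory `SESSIONS` and `VIDEOS` stores, the function names and the HTTP-style status codes are all assumptions made for illustration.

```python
# Constructed sample data; assumption: the real application keeps these in
# its session store and database.
SESSIONS = {"sess-alice": 1, "sess-bob": 2}   # session id -> user id
VIDEOS = {
    10: {"owner_id": 1, "name": "demo.mp4"},
    11: {"owner_id": 2, "name": "talk.mp4"},
}


def authenticate(session_id, sessions=SESSIONS):
    """Step 1: a valid session id identifies the current user (or None)."""
    if not isinstance(session_id, str) or not session_id:
        return None
    return sessions.get(session_id)


def is_owner(user_id, video):
    """Step 2: the current user must be the user recorded as the owner."""
    return video["owner_id"] == user_id


def delete_video(session_id, video_id, sessions=SESSIONS, videos=VIDEOS):
    """Return an HTTP-style status: 204 deleted, 401, 403 or 404."""
    user_id = authenticate(session_id, sessions)
    if user_id is None:
        return 401                      # no valid session: stop before any lookup
    video = videos.get(video_id)
    if video is None:
        return 404
    # The user id comes from the session and the owner id from the stored
    # record; neither is read from a request parameter the client controls.
    if not is_owner(user_id, video):
        return 403                      # authenticated, but not the owner
    del videos[video_id]
    return 204


if __name__ == "__main__":
    print(delete_video("forged", 10))      # 401
    print(delete_video("sess-bob", 10))    # 403
    print(delete_video("sess-alice", 10))  # 204
```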