You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jul 15, 2019. It is now read-only.
I'm not sure I follow. Can you elaborate when to use the filter? I assume filter means any method in xssFilters?
Is this warning only applies on Client-side?
Why is the example right before the warning applying filters inside a scritable context / <script>
<script>
var firstname = "..."; //an untrusted input collected from user
document.write('<h1> Hello, ' + xssFilters.inHTMLData(firstname) + '!</h1>')
</script>
The text was updated successfully, but these errors were encountered:
chiefjester
changed the title
Question: DON'T apply any filters inside any scriptable contexts
Question: DON'T apply any filters inside any scriptable contexts?
Mar 21, 2017
I'm not sure I follow. Can you elaborate when to use the filter? I assume filter means any method in
xssFilters
?<script>
The text was updated successfully, but these errors were encountered: