code to block/prevent JavaScript Injection

Portal Home > Knowledgebase > Articles Database > code to block/prevent JavaScript Injection

Posted by sdhost1964, 01-04-2012, 11:12 PM
greetings, I need html code or script ...etc to stop/block or prevent hacker to inject my html page regards bob
Posted by onel0ve, 01-05-2012, 12:17 AM
install Mod security in your server it will help you
Posted by FocusKieran, 01-05-2012, 08:34 AM
A white list of characters is probably the best way to go about it if you're allowing user input. So simply encode the characters you don't want and leave the others as they are, or vice versa encode it all and decode the ones you want...
Posted by khunj, 01-05-2012, 10:38 AM
You need to find/patch the vulnerability and your problem will be solved.
Posted by ScottAN, 01-05-2012, 02:55 PM
I agree with the above. You should not think to be adding code to solve a script injection problem. You should think about fixing the code that you already have that allowed for script injection. Remember to strictly validate all input received from the client in your scripts.
Posted by babygekko, 01-08-2012, 02:00 AM
You mean you're trying to prevent XSS? This is just one way ... I'm sure there are other ways .. e.g:
Posted by topgun, 01-08-2012, 06:16 AM
Encode all user input to html entities before it is displayed. would become: