
XSS Security Implementation and Ongoing SQL Injection Hardening

Open LyesRocker opened this issue 9 months ago • 0 comments

Hi @preetkaran20,

I hope you're doing well. I’ve implemented secure functionalities for both stored and reflected XSS:

Reflected XSS:

Level 8: Using CSP and escaping HTML entities
Level 9: Using MIME type
Level 10: Using hashed paths

Stored XSS:

Level 8: Escaping HTML and removing all script and img tags
Level 9: Using a regex to remove all HTML tags
Level 10: Escaping HTML and removing all JS calls, e.g., javascript:alert(1);

Let me know your thoughts. If everything is fine, I’ve already started working on the SQL Union injection. In the meantime, I am documenting each level I secure or don't secure, and I’ll be providing a document on how to escape each security vulnerability (if not secured), to help users understand the application.

Thanks, Lyes

LyesRocker, Feb 07 '25 15:02
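The controls listed in the comment above (HTML-entity escaping, regex tag stripping, filtering `javascript:` URLs, a CSP header) written out in browser-side JavaScript, as an added example that is not code from the VulnerableApp project or from the commenter. The sample inputs, the CSP policy string and the function names are constructed for the example. It goes one step beyond the list by running the same inputs through both the stripper and the escaper, so the case a tag-stripping regex passes through unchanged is visible next to the escaped form.

```javascript
// Added example, not code from the VulnerableApp project: HTML-entity escaping,
// regex tag stripping and a javascript:-scheme check of the kinds the issue
// lists, exercised on constructed inputs so their behaviour can be compared.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

// Escape the characters that can close a text node or a quoted attribute.
// Output is safe to place in HTML text or inside a quoted attribute value.
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Remove every complete tag. A tag with no closing ">" does not match and is
// passed through unchanged, so stripping alone is weaker than escaping.
function stripTags(input) {
  return String(input).replace(/<[^>]*>/g, "");
}

// True when the URL's scheme is javascript:. Browsers remove ASCII tab and
// newline inside a URL and trim leading control characters before parsing,
// so the same normalisation is applied before comparing the scheme.
function isJavascriptUrl(url) {
  const normalised = String(url)
    .replace(/[\t\n\r]/g, "")
    .replace(/^[\u0000-\u0020]+/, "")
    .toLowerCase();
  return normalised.startsWith("javascript:");
}

// Render an href attribute: javascript: targets are replaced by "#", everything
// else is entity-escaped so it cannot break out of the attribute quotes.
function renderLink(href, text) {
  const target = isJavascriptUrl(href) ? "#" : escapeHtml(href);
  return `<a href="${target}">${escapeHtml(text)}</a>`;
}

// Reflected greeting with the user value escaped into a text context, plus a
// CSP header as a second layer. The policy string is a hypothetical one for
// the example, not the project's.
function renderGreeting(name) {
  return {
    headers: { "Content-Security-Policy": "default-src 'self'; script-src 'self'" },
    body: `<p>Hello, ${escapeHtml(name)}</p>`,
  };
}

// Constructed inputs for the demonstration.
const SAMPLES = [
  "<script>alert(1)</script>",
  '" onmouseover="alert(1)',
  "<img src=x onerror=alert(1)", // unterminated tag: no ">" for the regex to find
];

for (const s of SAMPLES) {
  console.log("input:      ", s);
  console.log("escapeHtml: ", escapeHtml(s));
  console.log("stripTags:  ", stripTags(s));
}
for (const u of ["java\tscript:alert(1)", " JavaScript:alert(1)", "https://example.com/?q=javascript:"]) {
  console.log(JSON.stringify(u), "javascript: scheme?", isJavascriptUrl(u));
}
console.log(renderLink("java\tscript:alert(1)", "click"));
console.log(renderGreeting("<b>x</b>").body);
```

`isJavascriptUrl` checks only the scheme the comment names; other schemes that can carry script are out of scope here. The escaper is the primary control in `renderGreeting` and `renderLink`; `stripTags` is included only to show what a regex-based stripper does and does not catch on the same inputs.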