Brakeman Pro - Cross-Site Scripting in Rails

In the end, a web server provides HTML for a browser to render. That HTML is composed from many sources including, potentially, an attacker. Anywhere a site accepts external input can become a vector for XSS payloads: usernames, comments, reviews, bios, search queries, etc. But not just input forms! Query parameters, headers, cookies - anything the attacker can send to the server could be a source of XSS.
#ruby #rails #rubyonrails #bosnia #programming #tutorials #news #rubydeveloper #railsdeveloper

Nezir Zahirovic

Freelance software developer Ruby On Rails (4 years) / MCPD .Net / C# / Asp.Net / CSS / SQL / (11 years)

related articles