Brakeman Pro - Cross-Site Scripting in Rails

In the end, a web server provides HTML for a browser to render. That HTML is composed from many sources including, potentially, an attacker. Anywhere a site accepts external input can become a vector for XSS payloads: usernames, comments, reviews, bios, search queries, etc. But not just input forms! Query parameters, headers, cookies - anything the attacker can send to the server could be a source of XSS.
#ruby #rails #rubyonrails #bosnia #programming #tutorials #news

Nezir Zahirovic

Freelance software developer Ruby On Rails (3 years) / MCPD .Net / C# / Asp.Net / CSS / SQL / (10 years)
