# Computer Security - lesson 12

#### Stefano Zanero

###### 6 May 2016

## Web Security pt.2

To protect a website from scripting in the comments section, a good solution is to whitelist only characters that can't be used to build a JavaScript script.

Our other option is to __escape stuff__: to neutralize dangerous characters, we substitute each of them with the corresponding HTML entity. For example, replace `>` and `<` with `&gt;` and `&lt;`, or replace `&` with `&amp;`.

__CSP__, or Content Security Policy, is a generalized version of __SOP__ (Same-Origin Policy).

## SQL INJECTION
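Going back to the comments-section defenses from the Web Security part above, this added example (not from the lecture) shows the whitelist check and the escaping approach next to a vulnerable renderer. The function names and sample comments are constructed, and the quote characters are escaped in addition to the `>`, `<` and `&` named in the notes so the output also stays safe inside quoted attributes.

```javascript
// Added example: whitelisting and output escaping for a comments section.
// All names and sample inputs are constructed for illustration.

// Dangerous character -> HTML entity. Everything is replaced in ONE pass,
// so the '&' of an entity we just produced is never escaped a second time.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Whitelist option: accept a comment only if every character belongs to a
// set that cannot form markup (letters, digits, basic punctuation).
function isWhitelisted(text) {
  return /^[A-Za-z0-9 .,!?\n-]*$/.test(text);
}

// Vulnerable: the comment is concatenated into the page unchanged, so any
// markup it contains is parsed by the browser.
function renderCommentUnsafe(comment) {
  return '<p class="comment">' + comment + '</p>';
}

// Hardened: the comment is escaped at output time and rendered as text.
function renderComment(comment) {
  return '<p class="comment">' + escapeHtml(comment) + '</p>';
}

// Constructed sample comments.
const samples = [
  'Nice post, thanks!',
  '<script>alert(1)</script>',
  'Tom & Jerry say 1 < 2',
  '&lt; already escaped by the user',
];

for (const c of samples) {
  console.log('whitelisted:', isWhitelisted(c));
  console.log('unsafe:     ', renderCommentUnsafe(c));
  console.log('escaped:    ', renderComment(c));
}
```

The last sample shows that already-escaped input is displayed literally rather than decoded, because its `&` is escaped like any other.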