Computer Security - lesson 12

Stefano Zanero

6 May 2016

Web Security pt.2

To protect a website from scripting in the comments section, a good solution is to whitelist only characters that cannot be used to build a JavaScript script.

Our other option is escaping: we substitute each dangerous character with the corresponding HTML entity. For example, replace > and < with &gt; and &lt;, or replace & with &amp;.
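The two defences above (whitelisting and escaping) applied to a comment field, as an added example that is not part of the original lesson notes. The function names and sample comments are constructed, and escaping the two quote characters goes beyond the three characters named above (an assumption, so the output is also safe inside a quoted attribute value).

```javascript
// Added example; names and sample comments are constructed for illustration.

// Approach 1 (whitelist): accept a comment only if every character belongs to
// a set that cannot form markup: letters, digits, whitespace, basic punctuation.
const SAFE_COMMENT = /^[\p{L}\p{N}\s.,!?:;()-]*$/u;

function isWhitelisted(comment) {
  return SAFE_COMMENT.test(comment);
}

// Approach 2 (escaping): replace each dangerous character with its HTML entity.
// The notes name <, > and &; the quote characters are an added assumption.
const ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(text) {
  // Single pass over the input: the '&' of an entity we just produced is
  // never visited again, so nothing gets escaped twice by accident.
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Run both defences over each comment and report the outcome.
function review(comments) {
  return comments.map((c) => ({
    input: c,
    whitelisted: isWhitelisted(c),
    escaped: escapeHtml(c),
  }));
}

const samples = [
  'Great lesson, thanks!',      // passes the whitelist unchanged
  '1 < 2 && 3 > 2',             // legitimate text the whitelist rejects
  '<script>alert(1)</script>',  // markup: rejected, or rendered inert by escaping
  'already &lt;escaped&gt;',    // '&' is escaped again so it displays literally
];

for (const r of review(samples)) {
  console.log(JSON.stringify(r));
}
```

The second sample shows the trade-off: the whitelist rejects harmless text containing `<`, while escaping keeps the text and only changes how it is encoded in the page.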

CSP (Content Security Policy) is a generalized version of SOP (the Same-Origin Policy).

SQL INJECTION