anon
Posts: 0
Joined: Sun Apr 13, 2014 12:10 am

XSS Prevention

I have a service which appends (update service) text to an attribute. The text gets displayed later on other parts of my app. This chat service has one big problem, XSS. What is Appery's recommended mitigation for this?

Q: Is there a way to prevent someone from injecting:

into a text field like this? I would think this is a relevant problem amongst other developers here.

Yurii Orishchuk
Posts: 0
Joined: Fri Feb 14, 2014 8:20 am

Hi Anon.

Please provide us more information (perhaps screenshots) about this problem.

Regards.

anon
Posts: 0
Joined: Sun Apr 13, 2014 12:10 am

I said that on an update service I write an input field to a database, then update the page to reflect the user message that was uploaded. However, I can write things like:
<script> alert("Bug"); </script>

into the text field and it will execute the script. This is called cross site scripting and can jeopardize my data.
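The stored-XSS behaviour described in the post above is closed by encoding stored text at the point where it is written into the page. The following is an added example, not part of the original thread and not Appery.io's own code; the function names and the sample messages are constructed for illustration.

```javascript
// Added example: stored chat messages rendered with and without output encoding.
// escapeHtml, renderUnsafe, renderSafe, countTags and storedMessages are hypothetical names.

// Characters that can change parsing in HTML text or quoted-attribute context.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;",
  '"': "&quot;", "'": "&#39;", "`": "&#96;",
};

function escapeHtml(value) {
  // Coerce first so numbers or null from the database go through the same path.
  return String(value ?? "").replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Constructed sample rows, as the update service would have stored them.
const storedMessages = [
  { user: "alice", text: "hello & welcome" },
  { user: "anon", text: '<script> alert("Bug"); </script>' },
  { user: 'bob "the builder"', text: "1 < 2" },
];

// Vulnerable: stored text is concatenated into markup, so it is parsed as HTML.
function renderUnsafe(messages) {
  return messages
    .map((m) => `<li title="${m.user}">${m.text}</li>`)
    .join("\n");
}

// Hardened: every stored value is encoded where it is output.
function renderSafe(messages) {
  return messages
    .map((m) => `<li title="${escapeHtml(m.user)}">${escapeHtml(m.text)}</li>`)
    .join("\n");
}

// Counts opening tags; safe rendering yields exactly one <li> per message.
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

console.log(renderSafe(storedMessages));
```

In browser code, assigning the value with `textContent` (or jQuery's `.text()`) instead of `innerHTML` (or `.html()`) gives the same result without manual escaping.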

Evgene Karachevtsev
Posts: 12
Joined: Mon Apr 28, 2014 1:12 pm

Hi Anon, please let's continue our conversation here https://getsatisfaction.com/apperyio/.... We are working on it at the moment and will get back to you with an update.
