
Re: [jslint] Unexpected '\'. in a String literal

  • Erik Eckhardt
    Message 1 of 8 , May 20, 2011
      Blacklisting and escaping are tricky propositions when it comes to trying to
      avoid XSS. See http://ha.ckers.org/xss.html for an amazing treasure trove of
      potential ways to exploit these.

      You're much better off using a whitelist approach, which immediately
      eliminates everything in that XSS cheat sheet.

      On Fri, May 20, 2011 at 12:55 PM, ia_perdomo <ivan.perdomo.hn@...> wrote:

      >
      >
      >
      >
      > > Is there a reason why you want to have a backslash here?
      > >
      >
      > I'm generating JavaScript code with a template engine [1] and checking the
      > resulting JS code with JSLint. It escapes the '>' character to avoid a
      > '</script>' [2]
      >
      > [1] http://freemarker.org/
      > [2]
      > http://freemarker.org/docs/ref_builtins_string.html#ref_builtin_js_string
      >
      > Thanks for your reply.
      >
      > Iván
      >
      >
      >


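An added example, not part of the original thread and not FreeMarker's `js_string` implementation: one way to apply the whitelist idea to text that a template places inside a quoted JavaScript string literal. The function names and the choice of allowed characters are assumptions made for illustration; every character outside the allowlist is written as a standard `\uXXXX` escape, so the output contains no `<`, `>`, `/`, quote or bare backslash.

```javascript
// Allowlist encoder for text embedded in a quoted JavaScript string literal
// inside an inline <script> block. Hypothetical helper for illustration.

// Characters copied through unchanged (assumed allowlist; widen with care).
const SAFE_CHAR = /^[A-Za-z0-9 ,._-]$/;

function jsStringAllowlist(input) {
    let out = '';
    // Walk UTF-16 code units, so a character outside the BMP becomes
    // two \uXXXX escapes (a surrogate pair) and still round-trips.
    for (let i = 0; i < input.length; i += 1) {
        const ch = input.charAt(i);
        if (SAFE_CHAR.test(ch)) {
            out += ch;
        } else {
            const hex = input.charCodeAt(i).toString(16).toUpperCase();
            out += '\\u' + hex.padStart(4, '0');
        }
    }
    return out;
}

// Wrap the encoded text in double quotes, ready to drop into generated code.
function toJsLiteral(input) {
    return '"' + jsStringAllowlist(input) + '"';
}

// Constructed sample value, as a template variable might contain it.
const sample = 'a "quoted" </script> \\ value';
console.log('var s = ' + toJsLiteral(sample) + ';');
```
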