mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Change HTML img tag to lowercase [ci skip]
parent
869532ccea
commit
95242fa69b
1 changed files with 1 additions and 1 deletions
|
@ -773,7 +773,7 @@ As a second step, _it is good practice to escape all output of the application_,
|
||||||
Network traffic is mostly based on the limited Western alphabet, so new character encodings, such as Unicode, emerged, to transmit characters in other languages. But, this is also a threat to web applications, as malicious code can be hidden in different encodings that the web browser might be able to process, but the web application might not. Here is an attack vector in UTF-8 encoding:
|
Network traffic is mostly based on the limited Western alphabet, so new character encodings, such as Unicode, emerged, to transmit characters in other languages. But, this is also a threat to web applications, as malicious code can be hidden in different encodings that the web browser might be able to process, but the web application might not. Here is an attack vector in UTF-8 encoding:
|
||||||
|
|
||||||
```html
|
```html
|
||||||
<IMG SRC=javascript:a
|
<img src=javascript:a
|
||||||
lert('XSS')>
|
lert('XSS')>
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
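Review bot: the changed line (`<IMG SRC=javascript:a` to `<img src=javascript:a`) is cosmetic only, because HTML tag and attribute names are case-insensitive and the browser treats both forms of the sample identically. That is fine as a style cleanup, but the surrounding paragraph is about input the browser can process and the application's filter may not. Consider adding a sentence there that the same holds for letter case, so readers do not conclude that a filter only needs to match the lowercase spelling. It would also help to check that any other uppercase tag samples in this guide are converted in the same commit, so the file stays consistent.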