+ 2
Can you create a html injection
html injection
2 ответов
0
the answer is yes: https://www.acunetix.com/vulnerabilities/web/html-injection
0
as previously said, yes.
to create, place valid hypertext into an input. if the input isn't validated, the code would appear. Mostly, you'll see xss over this type of attack and nearly always borders on injecting scripts like js.
html tags should ALWAYS be removed from input.
regular expressions are an easy validation route that can deny or replace harmful code before being uploaded to or downloaded from the database.
this attack is covered in the latest Comptia s+, if you're up for reading.
lastly, never... ever.. trust i/o.