View Single Post
Old 2016-08-21, 17:21   #1108
science_man_88
 
science_man_88's Avatar
 
"Forget I exist"
Jul 2009
Dumbassville

8,369 Posts
Default

Quote:
Originally Posted by GP2 View Post
Edit: hmm, that wouldn't work, see M50685343, where the name displays literally as "Vladan Vidaković" rather than "Vladan Vidaković"
my first thought is a way to stop cross site scripting using forms because technically( in theory) a script tag can use a form that interprets these characters ( for example the less than or greater than sign) in theory if processed into what they are meant for to cross site script or introduce code if not read like a normal string so for example if I wrote a code like < script ></script > in a name field in theory if it got changed without at least being checked it could activate any code inside. and be read as part of the page by the browser so I could in theory make a self retweeting tweet scenario. if you saw this post before posting you would see HTML equivalents of the less than and greater than signs. if these were to get parsed in theory I could make a code work to break it .

Last fiddled with by science_man_88 on 2016-08-21 at 18:04
science_man_88 is offline   Reply With Quote