sander/notes
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update sectraining.md

Browse source
This commit is contained in:
Sander Hautvast 2024-02-05 10:29:05 +01:00 committed by GitHub
parent b6f5cfd8f3
commit 901746abcb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
sectraining.md
View file

@ -19,6 +19,8 @@ To prevent non-HTML HTTP responses from embedding data, that might be dangerousl
JavaScript frameworks (e.g., Angular, React) or server-side templating systems (e.g., Go Templates) have robust built-in protections against Reflected Cross-Site Scripting.
#### Java
|type| java |
|---|---|
|HTML Body <div>USER-CONTROLLED-DATA</div> | `Encode.forHtml` |
|HTML Attribute <input type="text" value="USER-CONTROLLED-DATA"> `Encode.forHtmlAttribute`|