sander/notes
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update sectraining.md

Browse source
This commit is contained in:
Sander Hautvast 2024-02-05 10:26:51 +01:00 committed by GitHub
parent 314e0ae434
commit c5c1b6ff98
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
sectraining.md
View file

@ -20,9 +20,15 @@ JavaScript frameworks (e.g., Angular, React) or server-side templating systems (
#### Java #### Java
HTML Body <div>USER-CONTROLLED-DATA</div> `Encode.forHtml` HTML Body <div>USER-CONTROLLED-DATA</div> `Encode.forHtml`
HTML Attribute <input type="text" value="USER-CONTROLLED-DATA"> `Encode.forHtmlAttribute` HTML Attribute <input type="text" value="USER-CONTROLLED-DATA"> `Encode.forHtmlAttribute`
URL Parameter <a href="/search?value=USER-CONTROLLED-DATA">Search</a> `Encode.forUriComponent` URL Parameter <a href="/search?value=USER-CONTROLLED-DATA">Search</a> `Encode.forUriComponent`
CSS String <div style="width: USER-CONTROLLED-DATA;">Selection</div> `Encode.forCssString` CSS String <div style="width: USER-CONTROLLED-DATA;">Selection</div> `Encode.forCssString`
CSS URL <div style="background: USER-CONTROLLED-DATA "> `Encode.forCssUrl` CSS URL <div style="background: USER-CONTROLLED-DATA "> `Encode.forCssUrl`
JavaScript Block <script>alert("USER-CONTROLLED-DATA")</script> `Encode.forJavaScriptBlock` JavaScript Block <script>alert("USER-CONTROLLED-DATA")</script> `Encode.forJavaScriptBlock`
JavaScript Variable <button onclick="alert('USER-CONTROLLED-DATA');">click me</button> `Encode.forJavaScriptVariable` JavaScript Variable <button onclick="alert('USER-CONTROLLED-DATA');">click me</button> `Encode.forJavaScriptVariable`