ESAPI’s encodeForHTML vs encodeForHTMLAttribute

Thanks Gokul, I have the following query. If I want to bypass DOM-based XSS, such as a JS script added to the URL, do I need to use these methods to encode the URL, or what else could be the solution to prevent it? The following is the example.

If the URL is modified like above by adding an extra alert, how do I bypass these kinds of modifications?
