violin
Jul 21, 2017 · 1 min read

Nice article.
As a web developer, I must say: never believe that the data transferred from HTTP requests is valid and legal.
We should validate whether the data is right for the database before it is stored.
I have come across someone who intercepted my HTTP request and then falsified one parameter, which should have been the URL of an image, into scripts. I ignored the validity of this parameter, and finally DOM Based XSS happened.

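An added example, not part of the original comment: one way to validate an image-URL request parameter before it is stored and to escape it when it is rendered, so a script substituted for the URL is rejected. It assumes Node.js; the function names, the extension allowlist and the placeholder path are hypothetical.

```javascript
// Validate an image-URL parameter before storing it, then escape it on output.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
const ALLOWED_EXTENSIONS = /\.(png|jpe?g|gif|webp)$/i; // assumed policy, adjust to the application
const PLACEHOLDER = "/static/placeholder.png";         // hypothetical fallback image

// Returns the normalized URL if the parameter is an acceptable image URL, otherwise null.
function validateImageUrl(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) return null;
  // Whitespace and control characters are silently stripped by browsers
  // inside schemes, so reject them outright instead of trying to clean them.
  if (/[\u0000-\u0020\u007f]/.test(raw)) return null;
  let url;
  try {
    url = new URL(raw); // throws on relative or malformed input such as "<script>..."
  } catch {
    return null;
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null; // blocks javascript:, data:, vbscript:
  if (url.username || url.password) return null;       // no credentials embedded in the URL
  // The parser percent-encodes quotes in the path, so a trailing attribute
  // breakout no longer ends in an image extension and fails this check.
  if (!ALLOWED_EXTENSIONS.test(url.pathname)) return null;
  return url.href;
}

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return value.replace(/[&<>"']/g, (c) => map[c]);
}

// Validation decides what is stored; escaping is still applied at output time.
function renderImage(raw) {
  const safe = validateImageUrl(raw);
  return `<img src="${escapeAttr(safe === null ? PLACEHOLDER : safe)}" alt="">`;
}

// Constructed sample parameters: one legitimate value and three tampered ones.
const samples = [
  "https://cdn.example.com/a/cat.png?w=1&h=2",
  "javascript:alert(1)",
  "<script>alert(1)</script>",
  'https://cdn.example.com/x.png"onerror="alert(1)',
];
for (const s of samples) console.log(JSON.stringify(s), "->", renderImage(s));
```

On the client, the same value should be assigned through `img.src` or `setAttribute` rather than concatenated into `innerHTML`.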