Jul 21, 2017
Nice article.
As a web developer, I must say: never believe that the data transferred from HTTP requests is valid and legal.
We should validate whether the data is right for the database before it is stored.
I have come across someone who intercepted my HTTP request and then falsified one parameter, which should have been the URL of an image, into scripts. I ignored the validity of this parameter, and finally DOM Based XSS happened.
