[Active4d-dev] Cross_Site_Scripting Problem

2018-02-22 Thread Norbert Pfaff
Hi, I have a field username in a form. I save this field with something like [users]usrName:=_form{"name"} Save record[users] Now my customer (a town) has had a penetration test, and the folks who did it say there is a problem when somebody writes in his username something like th

Re: [Active4d-dev] Cross_Site_Scripting Problem

2018-02-22 Thread Aparajita Fishman
To sanitize input against XSS, use https://github.com/cure53/DOMPurify on the client side, something like this: function submitForm() { var elements = document.form.elements; for (var i = 0; i < elements.length; i++) {