
Quite a list. Kinda makes me feel bad for all the people writing HTML sanitizers :(



It's really not that difficult if you use a parser + whitelist. You don't have to care about this sort of thing if you limit people to using certain tags/attributes in WYSIWYG editors and other inputs.



