Cross site scripting na benchu

DeletedUser · 02.12.2020

Naslov je malo clickbait, ali zanima me sledece: Kako i zasto BBCode na benchu i ostalim forumima kao mera zastite od xss-a. Pokusavam da razumem zasto je to preporucena opcija gde korisnici mogu da edituju svoj tekst, kako BBcode pomaze da se bench zastiti od xss-a? Zar ne bi mogao isti ovakav text editor da se implementira u html-u i da se samo ogranici da nema <div> atributa, <script> tagova i ostalog nepozeljnog? BB ce svakako biti konvertovan u HTML jer browser ne razume BB.

r1stv · 02.12.2020

https://www.reddit.com/r/explainlikeimfive/comments/3k21a9/eli5_bbcode_vs_html/

Akcenat na:

"Pretty similar with one being a simplistic watered down version.

Now, as to where usage is important, basically BBcode is developed for user-response...",

i

"...BBcode is semi-outdated in my opinion, and isn't even free from its own exploits, so really it's all preference and whatever you're doing may support one or the other."

Prosto jer je jednostavnije običnom korisniku i eto da kažemo "navikli smo"

Pretraga

Pretraga

Cross site scripting na benchu

DeletedUser

Banned

r1stv

Cenjen