Security Whilst using Online Services

We all know that most internet users today can be tracked. That is no secret, and Edward Snowden's honesty has confirmed it several times already. While some of us hide all our data in a panic, others rejoice that they are not registered on social networks, and far-sighted people look for safe ways to communicate with their friends, Big Brother is not sleeping and is trying to track us.

WYSIWYG Html Editor and XSS Attack Prevention

In my previous post, we implemented CRUD operations with an HTML WYSIWYG editor and allowed the user to enter HTML code for formatting. The next step is to validate the HTML input to prevent XSS. One way is to use the AntiXss library, but the newer version breaks everything and has compatibility issues, so it is not reliable. Here is the whitelist approach, in which you allow specific HTML tags and all other tags are HTML-encoded, based on this discussion (Archive Version).
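A sketch of the encode-first whitelist idea in C#, added here as an illustration and not taken from the original post or the linked discussion. The class name `HtmlWhitelist`, the tag list and the sample inputs are assumptions, and only attribute-free tags are restored.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

// Added illustration (hypothetical names): encode everything, then restore only bare whitelisted tags.
public static class HtmlWhitelist
{
    // Assumed set of formatting tags the editor may emit; adjust to the editor's toolbar.
    private static readonly string[] AllowedTags =
        { "b", "i", "u", "em", "strong", "p", "ul", "ol", "li" };

    // Matches an already-encoded bare tag only, e.g. &lt;b&gt; or &lt;/b&gt;.
    // A tag carrying attributes (&lt;b onclick=...&gt;) does not match and stays encoded.
    private static readonly Regex EncodedTag = new Regex(
        @"&lt;(/?)(" + string.Join("|", AllowedTags) + @")&gt;",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    // <br> is a void element, so it is handled separately and normalised to <br />.
    private static readonly Regex EncodedBr =
        new Regex(@"&lt;br\s*/?&gt;", RegexOptions.IgnoreCase);

    public static string Sanitize(string input)
    {
        if (string.IsNullOrEmpty(input)) return string.Empty;
        // Step 1: encode the whole input, so every tag becomes inert text.
        string encoded = WebUtility.HtmlEncode(input);
        // Step 2: turn back only the whitelisted tags, lower-cased. Text the user typed
        // as "&lt;b&gt;" was encoded to "&amp;lt;b&amp;gt;" in step 1 and is not restored.
        string restored = EncodedTag.Replace(encoded, m =>
            "<" + m.Groups[1].Value + m.Groups[2].Value.ToLowerInvariant() + ">");
        return EncodedBr.Replace(restored, "<br />");
    }

    public static void Main()
    {
        // Constructed sample inputs: allowed formatting, a script tag, attribute-bearing tags.
        string[] samples =
        {
            "<b>bold</b> and <I>italic</I><br>next line",
            "<script>alert(1)</script>",
            "<b onclick=\"x()\">click me</b>",
            "<img src=x onerror=x>"
        };
        foreach (string s in samples)
            Console.WriteLine(Sanitize(s));
    }
}
```

Because nothing with attributes is ever restored, links and images stay encoded under this scheme. Unbalanced allowed tags can still disturb page layout, so the stored markup may need a well-formedness check before display.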