I want to allow users to make links in my web app that other users can see. I don't want them to be able to run any javascript or xss or anything, of course. Does a simple "http://" at the beginning eliminate those problems? That is, if an href starts with "http://", can I let my users c开发者_运维问答lick it without worrying too much?
As long as you escape html tags and quotes in the links they post, there won't be any problem.
Obviously, if a site contains a reflected xss, such as http://example.com/?x=<script>...</script> and such a link is posted, you can't avoid the xss if the page they're redirected to is xss vulnerable.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论