Tuesday, 16 August 2016

Can Rich Editor user input be used to exploit

I'm currently writing a very small forum website for practice and I'm trying to think of any vulnerabilities before fully creating the website.

My question is, if I use a Rich Text Editor (such as CKEditor), would I have to check the user input in the back-end for things such as scripts, weird HTML formatting, and so on? Would it be possible for the user to "cheat" the editor and insert scripts and invalid HTML that might prevent the page from loading?



