Is my site safe from XSS if I replace all '<' with '& lt;'?

Question

I am wondering what is the minimum size to make a site safe from XSS .

If I just replaced <with <in all the content submitted by the user, will my site be XSS safe ?

+5

Kyle Dec 02 '10 at 1:16

5 answers

. , .

+2

Yahel 02 . '10 1:20

+2

ttessier 02 . '10 1:26

. , -, , - , !

, , ..Net , - ( , ) ( , "" , )

+2

Rory Alsop 05 . '10 19:22

, .

, . .

0

John Dec 02 '10 at 1:18

alex · Accepted Answer · 2010-12-02T01:22:22+0000

It depends on the context.

In addition, coding is less than just a flash of ideas. You should simply encode all characters that have special meaning and can be used for XSS ...

, , , - ...

. .

...

http://www.example.com" onclick="window.location = 'http://nasty.com'; return false;

, , ...

<a href="http://www.example.com" onclick="window.location = 'http://nasty.com'; return false;">View user website</a>

, .