Bootstrap XSS attack on Popovers

Question

Bootstrap XSS attack on Popovers

I read here that I can include HTML in a popover, which can be a potential problem for XSS attacks.

In my case, popovers will not contain anything like forms or the like, but only text or links or tables or images.

Is it safe to use them without XSS attacks?

Thanks!

SN

+5

twitter-bootstrap xss

Sergio negri May 12, '15 at 13:23

source share

1 answer

Tiddo · Accepted Answer · 2015-05-12T13:27:47+0000

As long as you provide html it's safe to use them. It is only unsafe to enable html when the content comes from user input and is not subject to preliminary disinfection.

Bootstrap XSS attack on Popovers

More articles: