Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

What do you mean precisely? Normally you prevent code injection by not allowing user-supplied strings to be interpreted as JavaScript in the first place, not by trying to catch all the possible ways in which one can construct a script doing something harmful. There aren't so many ways to inject a <script> tag or something equivalent into the page.


Some sites let you insert some Javascript, but try and block certain techniques (and it all goes horribly wrong for them).




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: