Is jQuery .text() method XSS safe?

1. Even though jQuery effectively escapes HTML elements when using `.text(data)`, something can be said for not having completely unescaped user-defined HTML in your database at all. You should not have to trust your memory to use client-side HTML escaping every time you use that database variable, and neither should anyone ever using your code. So I'd say, strip the HTML tags from the data before saving it to your database. Have some tests that ensure you can only save HTML-stripped data for user-defined fields. I don't really see the value of escaping vs. stripping in this case.
2. If a user wants to send HTML, I don't want to say to him, sorry bro, you can't. Maybe that is not HTML; how should I know? What's wrong with saving unsanitized data in the database? Why should I delete some parts or modify user data? If I do, then how will the user be able to get his data exactly as he submitted it?
3. It's not about refusing to store dangerous data, it's about making dangerous data safe to store and use. Not many people will try to legitimately use HTML, and those who do will see that their HTML is stripped soon enough. Stripping the HTML tags around text will still leave the text inside them. You really have to modify user data if that data can be dangerous to you and others. Don't leave it around in your database to be used accidentally.
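As an added example, not part of the question or of any of the comments above, the Node.js code below contrasts the two approaches the comments argue about: encoding on output (which is what jQuery's `.text(data)` achieves, because it assigns the string to a text node instead of parsing it as markup) versus stripping tags before the data is stored. The function names, the page markup and the sample inputs are constructed for this illustration and assume nothing about the asker's application.

```javascript
// Constructed example: "escape on output" versus "strip on input" for a
// user-supplied comment string. None of this is jQuery code; escapeHtml is
// the server-side equivalent of what the browser does with a string set
// through .text(data) (the markup characters are never parsed).

// Escape on output. Lossless: the stored value is left exactly as the user
// submitted it and can be handed back unchanged (see unescapeHtml).
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Inverse of escapeHtml, used only to show that encoding is reversible.
// '&amp;' is decoded last so an escaped ampersand cannot become a new entity.
function unescapeHtml(s) {
  return String(s)
    .replace(/&#39;/g, "'")
    .replace(/&quot;/g, '"')
    .replace(/&gt;/g, '>')
    .replace(/&lt;/g, '<')
    .replace(/&amp;/g, '&');
}

// Strip on input, as comment 1 suggests. Lossy: everything between '<' and
// the next '>' is dropped, whether it was a tag or ordinary text. A small
// state machine is used instead of a regex so that an unterminated '<'
// is still removed rather than passed through to the page.
function stripTags(s) {
  let out = '';
  let inTag = false;
  for (const ch of String(s)) {
    if (inTag) {
      if (ch === '>') inTag = false;
    } else if (ch === '<') {
      inTag = true;
    } else {
      out += ch;
    }
  }
  return out;
}

// What the page ends up containing when the stored value is rendered the
// way .text(data) renders it: the user's text, with markup neutralised.
function renderEscaped(stored) {
  return '<p class="comment">' + escapeHtml(stored) + '</p>';
}

// Side-by-side view of both strategies for one stored value.
function compare(stored) {
  const stripped = stripTags(stored);
  return {
    escaped: renderEscaped(stored),
    stripped: stripped,
    // Encoding can always be undone, so the user gets back what he sent.
    roundTrips: unescapeHtml(escapeHtml(stored)) === stored,
    // Stripping changed the value, so the original can no longer be recovered.
    strippedLosesText: stripped !== stored,
  };
}

// Constructed sample inputs: one with real markup, one with no markup at
// all that stripping still mangles because '<' and '>' look like a tag.
const samples = ['<b>bold</b> & "quoted"', '3 < 5 and 7 > 2'];
for (const s of samples) {
  console.log(JSON.stringify(s), '=>', compare(s));
}
```

The second sample is the case comment 2 worries about: it contains no HTML, yet the stripping approach turns `3 < 5 and 7 > 2` into `3  2`, while the escaped rendering shows the text exactly as typed and the stored value round-trips unchanged.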