A
account8226
Guest
Hello XF,
Here is my problem, I sanitize my inputs using the ->filter() method of the xenforo framework.
I fetch my vars (sanitized) from my DB, and show them on a page. But when I trigger on event with Javascript onto these text, if one of them got the "<script>alert("XSS");</script>" text (as an example of course) it's poping up the alert !
What I've done wrong ? How to sanitazie my javascript text.
Regards.
Here is my problem, I sanitize my inputs using the ->filter() method of the xenforo framework.
I fetch my vars (sanitized) from my DB, and show them on a page. But when I trigger on event with Javascript onto these text, if one of them got the "<script>alert("XSS");</script>" text (as an example of course) it's poping up the alert !
What I've done wrong ? How to sanitazie my javascript text.
Regards.
