...

/

Challenge: Render User-provided Content

Challenge: Render User-provided Content

Practice what we've learned about application security.

Problem statement

There are certain situations in which a website might receive a text or HTML string from the server to render. Some websites might allow trusted administrators to write or generate an HTML snippet that should be injected. Other websites might use a rich-text editor to allow users to create content. Usually, these editors output HTML markup that ...