How do you prevent an XSS attack when a browser URL is like
https://www.somesote.com/search?input=%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E
This runs in the browser and brings up the alert. I have used URL encoding in the search condition while getting the input parameter as
Name:({% UrlEncode(Querystring["input"]) #%})
How can I prevent that script from running and stop the alert box?
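One way to handle the reflected value from the question, as an added example in Python that is not from the original post: the `input` parameter is decoded the way the server sees it, then HTML-entity-encoded for the attribute it is written into, so the browser never parses a second tag. The function names and the `<input>` markup are assumptions; the URL is the one in the question.

```python
import html
from urllib.parse import parse_qs, urlsplit

# URL copied from the question (the only input this example uses).
EXAMPLE_URL = ("https://www.somesote.com/search?input="
               "%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E")


def get_input_param(url: str) -> str:
    """Return the 'input' query parameter after percent-decoding,
    i.e. the string the server-side handler actually receives."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get("input", [""])[0]


def render_unsafe(value: str) -> str:
    """Vulnerable pattern: the raw parameter is reflected into an
    HTML attribute, so a leading '">' closes the attribute and tag."""
    return f'<input name="search" value="{value}">'


def render_safe(value: str) -> str:
    """Fix: encode for the HTML attribute context. html.escape with
    quote=True turns < > & " ' into entities, so the value can never
    terminate the attribute or start a new element. (URL encoding is
    for building URLs, not for text placed inside HTML.)"""
    return f'<input name="search" value="{html.escape(value, quote=True)}">'


def contains_injected_tag(markup: str) -> bool:
    """Check used by this example only: the template opens exactly one
    tag, so any further '<' means user data was parsed as markup."""
    return markup.count("<") > 1


if __name__ == "__main__":
    value = get_input_param(EXAMPLE_URL)
    print("unsafe:", render_unsafe(value))
    print("safe:  ", render_safe(value))
```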
Perhaps consider Imperva or cloudflare.