Is a web page without text fields and text areas immune to XSS?


If a web page consists of drop-downs, radio buttons, check boxes, etc. for user input and avoids text fields and text areas to evade untrusted data (malicious JavaScript entered by the user), is such a web page immune to XSS? If not, how can such an application be secured using ESAPI?


There are 2 best solutions below

0
On BEST ANSWER

You can edit the form in your browser using, for example, Firebug and just add any field with any name.

Even more so, you can just forge whole POST/GET requests with any data you like (using curl or many other tools).

So: no, it is not.

0
On

Not necessarily. The input type doesn't matter, because requests can be spoofed (easy with GET, but not too hard with POST requests). What matters is that the result of the form is sanitized before inserting it into the page.
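
The point both answers make, as an added example that is not part of the original answers: the server treats a drop-down value as untrusted, checks it against an allowlist, and encodes it with ESAPI before writing it into the page. The class name, the `color` parameter and the allowed values are assumptions made for illustration, and the code assumes the ESAPI library and its `ESAPI.properties` are on the classpath.

```java
import java.util.Map;
import java.util.Set;
import org.owasp.esapi.ESAPI;

public class DropdownHandling {
    // The only values the form's <select name="color"> offers (constructed sample).
    private static final Set<String> ALLOWED_COLORS = Set.of("red", "green", "blue");

    /** Server-side allowlist check: the browser's drop-down is not an enforcement point. */
    static boolean isAllowedColor(String value) {
        return value != null && ALLOWED_COLORS.contains(value);
    }

    /** Builds the response fragment; every request-derived value is encoded for its HTML context. */
    static String render(Map<String, String> params) {
        String color = params.get("color");
        if (!isAllowedColor(color)) {
            // Echoing a rejected value is where reflected XSS would occur, so encode it too.
            return "<p class=\"error\">Unknown option: "
                    + ESAPI.encoder().encodeForHTML(String.valueOf(color)) + "</p>";
        }
        // Encode even allowlisted values, so a later change to the list cannot open a hole.
        return "<p>You chose <span title=\""
                + ESAPI.encoder().encodeForHTMLAttribute(color) + "\">"
                + ESAPI.encoder().encodeForHTML(color) + "</span></p>";
    }

    public static void main(String[] args) {
        // What the form sends when used as designed.
        System.out.println(render(Map.of("color", "green")));
        // Constructed forged request: same parameter name, a value the drop-down never offered.
        System.out.println(render(Map.of("color", "<script>alert(1)</script>")));
        // Parameter absent from the request altogether.
        System.out.println(render(Map.of()));
    }
}
```

The allowlist rejects anything the form could not have produced, and the encoder calls keep the markup intact even where a request value is echoed back, as in the error branch.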