Ruby on Rails - Is data.to_json.html_safe susceptible to XSS attack?


I'm trying to figure out if this code is safe. Is it possible to attack this code?

<script>   data = <%= data.to_json.html_safe %>; </script> 

In other words, can any value of data result in a successful attack?

Any string in data that has "</script>" in it can be used to implement XSS in this example. Something along the lines of

data = { b: "</script><script>alert('hi')</script>" } 

would work.
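The breakout described in the answer above, reproduced in plain Ruby as an added example (not code from the original post), next to a version that escapes the JSON before it is written into the script element. It assumes a stdlib ERB template standing in for the Rails view and JSON.generate standing in for to_json; script_safe_json, render, first_script_body and script_tags are hypothetical helper names.

```ruby
require "erb"
require "json"

# Constructed sample data: the payload from the answer above.
DATA = { b: "</script><script>alert('hi')</script>" }.freeze

# Stand-in for the view: the JSON text lands inside <script> with no HTML
# escaping, which is what marking it html_safe causes.
TEMPLATE = ERB.new("<script>data = <%= json %>;</script>")

# Characters the HTML parser (or old JS engines, for U+2028/U+2029) treat
# specially, mapped to JSON \uXXXX escapes. Single quotes keep the backslash.
SCRIPT_UNSAFE = {
  "<" => '\u003c', ">" => '\u003e', "&" => '\u0026',
  "\u2028" => '\u2028', "\u2029" => '\u2029'
}.freeze

# Hypothetical helper: still valid JSON, parses back to the same value,
# but can no longer contain a literal "</script".
def script_safe_json(value)
  JSON.generate(value).gsub(/[<>&\u2028\u2029]/, SCRIPT_UNSAFE)
end

def render(json)
  TEMPLATE.result_with_hash(json: json)
end

# The HTML parser ends a script element at the first "</script", regardless
# of whether JavaScript considers itself inside a string literal.
def first_script_body(html)
  html[/<script>(.*?)<\/script/mi, 1]
end

def script_tags(html)
  html.scan(/<script\b/i).length
end

if __FILE__ == $PROGRAM_NAME
  { "raw" => JSON.generate(DATA), "escaped" => script_safe_json(DATA) }.each do |label, json|
    html = render(json)
    puts "#{label}: #{script_tags(html)} script tag(s), first body: #{first_script_body(html)}"
  end
end
```

Rails exposes a comparable substitution as ERB::Util.json_escape.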

