Learn More
Resend Email
8
netikras
4y

- why did you enter test data text value with this <script> html? Don't do that. Use normal text

this is something I've never expected to hear from a php/react dev.... I'm truly disappointed. I really am.

On top of that he refused to follow my recommendations to google: "xss". Another teammate had to google for him and drop a link.

Just when I was about to like working with this guy.... :(

rant

xss

stored xss

security? meeh

just tell users to enter normal text

naive
Favorite
Ranter
Comments
  • 5
    4y
    "Oh yeah sure, I'll do that next time! And you better goddamn pray that any malicious actor coming by will be 'nice' and not do this either since its not a nice thing to do because those people have great ethics/morals!"

    Aaaaaaand this, my people, is how you get motherfucking compromised.
  • 0
    4y
    Did you test SQL injections as well?
  • 1
    4y
    As per @sbiewald
    I'm just going to leave this here.

    http://sqlmap.org/

    Anytime I put up a new route, I bash the shit out of it.
  • 1
    4y
    @sbiewald prepared statements. No raw queries in the house
  • 1
    4y
    @netikras At least this was done right.
Related Rants
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment