Hacker News
Manfred on Sept 4, 2009 | on: XSS Twitter in minutes; Why you shouldn't store im...
It's probably better to disable the JavaScript engine based on certain heuristics, for instance when there is invalid character encoding in attributes.
tptacek on Sept 4, 2009
That won't work, because too much "safe" user-controlled content will contain invalid utf8.