Hello,
I would like to ask which is a good library (AngularJS, jQuery, React, blabla, or simple JS)/method/technique to get a safe input value from users (to prevent CSRF and XSS or anything else malicious)? Which is safer: document.getElementById(); or $('#id/.class');
And what is bind data? Explain this to me in poor people's language, please; my English is weak.

diafol:

I don't think anything on the client will prevent CSRF or XSS - they're usually due to vulnerabilities on the server. Most of the libs you mention are built on js, so they are not any "better" than plain js, just a bit more convenient maybe.

To what are you referring with bind data?

I didn't know what Angular is, so I was googling about that, then I found it (bind data). I tried to search for this too, but I don't understand it very well, so I asked this question along with the above question. Please tell me, what is data bind? And which method is best to use for chat get post in AJAX?

diafol:

This is extending the original question somewhat. I think you need to ask a more specific question with regard to "data binding" with "angularjs" in a new thread as this thread title gives no clue as to the discussion you wish to have.

As diafol said, there is NO WAY to prevent CSRF and/or XSS from input values. The rule of thumb: NEVER trust any input from the user. You must SANITIZE the value if security is a concern. Either way (document.getElementById() or $('#id/.class');) is the same.

When you are talking about bind data, what are you binding the data to? The meaning of the word is simple: to connect something with another thing. A simple example would be to bind an HTML DOM element to a variable -- var elem = document.getElementById('anId'). However, it depends on whether you want to keep the elem alive or let it live within a scope.

Any tip to sanitize the value?

diafol:

Sanitizing will happen on the server. You provide no info about what you're using or doing on the server, so can't see how we can help.
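
The replies above say the value must be treated as untrusted on the server, however the page read it. The following is an added example, not code from any poster in this thread, showing server-side validation and HTML output encoding for a chat message. It assumes a Node.js backend (the thread does not say what the server runs); `MAX_LEN`, `escapeHtml`, `validateMessage` and `renderMessage` are hypothetical names.

```javascript
// Added example (assumption: the server runs Node.js). All names are hypothetical.
const MAX_LEN = 500; // assumed upper bound for one chat message

// Encode the characters that are significant in HTML text and quoted
// attribute values, in a single pass so nothing is encoded twice.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Validate what arrived in the request body. The server cannot know whether
// the browser read the field with getElementById or jQuery, or whether the
// request came from a browser at all, so every check is repeated here.
function validateMessage(raw) {
  if (typeof raw !== 'string') return { ok: false, error: 'message must be a string' };
  // Remove control characters, keeping tab and newline.
  const cleaned = raw.replace(/[\u0000-\u0008\u000B-\u001F\u007F]/g, '').trim();
  if (cleaned.length === 0) return { ok: false, error: 'message is empty' };
  if (cleaned.length > MAX_LEN) return { ok: false, error: 'message too long' };
  return { ok: true, value: cleaned };
}

// Build the HTML fragment sent to other chat users. Encoding happens at
// output time, for the HTML context the value is placed into.
function renderMessage(user, raw) {
  const result = validateMessage(raw);
  if (!result.ok) return null; // rejected: nothing is rendered
  return '<li><b>' + escapeHtml(user) + '</b>: ' + escapeHtml(result.value) + '</li>';
}

// Constructed sample inputs, as they might arrive in a POST body.
const samples = ['hello everyone', '<b>hi</b> & "bye"', '   ', 'x'.repeat(MAX_LEN + 1)];
for (const s of samples) {
  console.log(renderMessage('alice', s));
}
```
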
