Hello,
I would like to ask you that which is good library(angularjs jquery react blabla or simple js)/method/technique to get safe input value from users(to prevent csrf and xss or any other malicious) ? which is more safe document.getElementById();or$('#id/.class');
and what is bind data? explain me this in poor people language,please my english is weak.

Member Avatar

diafol

I don't think anything on the client will prevent CSRF or XSS - they're usually due to vulnerabilities on the server. Most of the libs you mention are built on js, so they are not any "better" than plain js, just a bit more convenient maybe.

To what are you referring with bind data?

i didnt know what is angular so i was googling about that then i found it(bind data). i tried too search this but i dont understand very well. so i asked this question with above question. please tell me what is data bind ?and which method is best to use for chat get post in ajax ?

Member Avatar

diafol

This is extending the original question somewhat. I think you need to ask a more specific question with regard to "data binding" with "angularjs" in a new thread as this thread title gives no clue as to the discussion you wish to have.

As diafol said, there is NO WAY to prevent CSRF and/or XSS from input values. The rule of thumb, NEVER trust any input from user. You must SANITIZE the value if security is concerned. Either way (document.getElementById() or $('#id/.class'); is the same.

When you are talking about bind data, what are you binding the data to? The meaning of the word is simple, to connect something with another thing. A simple example would be to bind a HTML DOM element to a variable -- var elem = document.getElementById('anId'). However, it depends whether you want to keep the elem alive or let it live within a scope.

Member Avatar

diafol

Sanitizing will happen on the server. You provide no info about what yur using or doing on the server, so can't see how we can help.