<H2>View Guestbook Entries</H2>
    <% for comment in @comments do %>
        <!--This is for user <%=comment.name%> -->
        <div style="color:<%=comment.fav_color%>">
        <HR>
        <B>Name:</B><%=comment.name%>
        <BR><B>E-mail:</B> <A HREF="mailto:<%=comment.email%>"><%=comment.email%></A>
        <BR><B>Web Page:</B> <A HREF="<%=comment.webpage%>"><%=comment.webpage%></A>
        <BR><B>Occupation:</B><%=comment.occupation%>
        <BR><B>From:</B> <%=comment.location%>
        <BR><B>Comments:</B><%=comment.comment_text%>
        </div>
    <% end %>

Security Checklist

Vulnerability: Cross Site Scripting (XSS)
Course: Web

Task – Check each line of code displaying on the web page        Completed
1. Highlight/circle each line of code that inserts user-supplied/untrusted data into the HTML comment tag.
2. Highlight/circle each line of code that inserts user-supplied/untrusted data into an HTML attribute value.
3. Highlight/circle each line of code that inserts unescaped data inside HTML tag content.


This is a common issue; look carefully at all insertions into the HTML page.

Highlighted areas in the application may be vulnerable to XSS attacks!
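
The three checks above can also be run mechanically by tracking the HTML context at each insertion point. The Ruby script below is an added example, not part of the original worksheet; `classify_insertions` and the `:comment`/`:attr`/`:content` labels are names chosen here, and the template string is the guestbook view from this page with the loop written as ERB control tags.

```ruby
require 'strscan'

# Constructed input: the guestbook view from this page as an ERB string.
TEMPLATE = <<~'ERB'
  <% for comment in @comments do %>
  <!--This is for user <%=comment.name%> -->
  <div style="color:<%=comment.fav_color%>">
  <HR>
  <B>Name:</B><%=comment.name%>
  <BR><B>E-mail:</B> <A HREF="mailto:<%=comment.email%>"><%=comment.email%></A>
  <BR><B>Web Page:</B> <A HREF="<%=comment.webpage%>"><%=comment.webpage%></A>
  <BR><B>Occupation:</B><%=comment.occupation%>
  <BR><B>From:</B> <%=comment.location%>
  <BR><B>Comments:</B><%=comment.comment_text%>
  </div>
  <% end %>
ERB

# Walk the template while tracking HTML context and return
# [line, expression, context] for every <%= %> insertion.
# Contexts: :comment (check 1), :attr (check 2), :content (check 3).
def classify_insertions(template)
  s = StringScanner.new(template)
  state, quote, found = :content, nil, []
  until s.eos?
    start = s.pos
    if s.scan(/<%=\s*(.*?)\s*%>/m)
      found << [template[0, start].count("\n") + 1, s[1], state]
    elsif s.scan(/<%.*?%>/m)
      next # control tag (loop): writes nothing into the page
    elsif state == :content && s.scan(/<!--/)
      state = :comment
    elsif state == :comment && s.scan(/-->/)
      state = :content
    elsif state == :content && s.scan(%r{</?[A-Za-z]})
      state = :tag
    elsif state == :tag && s.scan(/["']/)
      quote, state = s.matched, :attr
    elsif state == :attr && s.scan(/["']/)
      state = :tag if s.matched == quote # only the opening quote closes it
    elsif state == :tag && s.scan(/>/)
      state = :content
    else
      s.getch
    end
  end
  found
end

classify_insertions(TEMPLATE).each { |l, e, c| puts "line #{l}: #{e} -> #{c}" }
```

Each reported context needs its own encoding rule at output time, which is why the worksheet asks for the three cases separately.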
 
Copyright © Towson University