
What do you mean precisely? Normally you prevent code injection by not allowing user-supplied strings to be interpreted as JavaScript in the first place, not by trying to catch all the possible ways in which one can construct a script doing something harmful. There aren't so many ways to inject a <script> tag or something equivalent into the page.


Some sites let you insert some JavaScript, but try and block certain techniques (and it all goes horribly wrong for them).
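The contrast drawn in the two comments above, as an added example that is not part of the original thread: a pattern-stripping filter next to plain output encoding, run over constructed sample inputs. The function names (`blocklistFilter`, `escapeHtml`, `containsMarkup`, `compare`) and the samples are assumptions made for illustration.

```javascript
// Added example. All inputs below are constructed; function names are hypothetical.

// Approach 1 (fragile): remove the patterns believed to be dangerous.
function blocklistFilter(input) {
  return input
    .replace(/<script\b[^>]*>/gi, "")
    .replace(/<\/script>/gi, "");
}

// Approach 2 (robust): encode every HTML metacharacter so the whole
// string can only ever be parsed as text, whatever it contains.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Crude check: would an HTML parser still see the start of a tag here?
function containsMarkup(output) {
  return /<[a-z!\/]/i.test(output);
}

const SAMPLES = [
  "plain comment with 1 < 2",                   // harmless text
  "<script>alert(1)</script>",                  // the case the filter was written for
  "<scr<script>ipt>alert(1)</scr</script>ipt>", // removal reassembles the tag
  '<img src=x onerror="alert(1)">',             // "something equivalent" to <script>
];

// For each sample, report whether live markup survives each approach.
function compare(samples) {
  return samples.map((s) => ({
    input: s,
    blocklistLeavesMarkup: containsMarkup(blocklistFilter(s)),
    escapedLeavesMarkup: containsMarkup(escapeHtml(s)),
  }));
}

for (const row of compare(SAMPLES)) {
  console.log(JSON.stringify(row));
}
```

In browser code the same effect comes from assigning user strings to `textContent` rather than `innerHTML`, so the string is never handed to the HTML parser at all.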



