Hasky created a web application for data management: it takes data from the user, saves it to a database, and shows it back to the user. In other words, the user writes data in the browser, Node (or any other backend technology) saves that data in the database, and when the user wants the data again it is displayed in the browser.
You can modify and escape your data before saving it to the database, or in between, when retrieving it and outputting it to the browser. Which you choose depends on how your data is edited and used. For example, if the user will edit the data later, it makes more sense to save it as-is and sanitize it on output. Consider a user who saves the following and an application that outputs it unescaped:
<script>alert('I am not sanitized!');</script>
This example only pops an alert(), but a hacker won’t be nearly as kind.
You may choose to handle this yourself. The html-escape library provides a function that will be your best friend when displaying data. Simply call the escape() method on your data to replace it with properly escaped HTML:
Don’t forget to sanitize the output of any command-line script you are running. A great library for this is
This is used the same way as html-escape. Use the shellescape() function to escape any commands you are calling. This prevents arbitrary commands from being executed on the command line. shellescape() wraps each argument, which ensures that it is escaped correctly and does not open your application up to structural manipulation of the command.
Try running the output in the terminal. You will get the expected escaped output.