Questions tagged [html]

HTML (HyperText Markup Language) is a language for creating web pages. Tags placed inline with the content tell browsers how to display that content and how to interpret formatting, images, scripts and other content.

The HTML tag should be used for questions referring to the security of the HTML language, or implementations based upon it.

From a security perspective, most vulnerabilities are down to the functionality allowed by scripts (e.g. JavaScript), embedded content (e.g. Flash) and other plugins.

340 questions
17 votes, 2 answers

Attack Vectors for Purely Static Website (HTML and CSS)

I am sorry if this is a too trivial question, but once I was told that only a fool is sure of anything: as I am not sure about this question, I am willing to risk my neck by asking it anyway, all in the name of learning and keeping my stuff secure.…
Lex
5 votes, 2 answers

What is the purpose of time-dependent form input names?

This login form keeps changing the names of its fields: What does that accomplish? What kind of attack does it protect against?
ændrük
4 votes, 1 answer

What is the risk of allowing display of arbitrary HTML files?

Github and Bitbucket allow README files in formats such as Markdown or reStructuredText, but not in HTML format. Is there a security risk in doing so?
Jason S
3 votes, 1 answer

Is autocomplete="off" bad for username input fields?

So it seems the current consensus is that autocomplete="off" is bad for password input fields: Should web sites disable form autocomplete on all forms? Should websites be allowed to disable autocomplete on forms or fields? But does that include…
1 vote, 2 answers

How to "normalize" an html file?

Given an HTML file, the content of which was generated from various websites, it could have potential security problems, like: Q: What can we do to "clear" this HTML file? Run a: sed '/