Correct answers: B & E
B. Limit user input to acceptable characters.
E. Remove all HTML/XML tags from user input.
https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
B and E are correct:
"To mitigate this attack, the easiest way is to escape any user input, both when receiving it from the user and when sending data to other users. For example, replacing the < character with &lt; or &#60; for the web content would disable all HTML tags. In Python, this can be done with the standard html.escape() and html.unescape() functions. Sometimes some HTML tags are acceptable, so escaping them all is not an option. In this case, sanitization is a suitable solution. Sanitization processes untrusted user input and runs it through the filter, which allows valid content but strips anything that is not permitted. For example, it may allow <A>, <IMG>, <B> HTML tags but strip any other tags."
I agree with PopLife:
B. Limit user input to acceptable characters.
This might be related to the concept of XSS Filters/Sanitization, in which you take the untrusted user input and strip out anything that is not permitted.
E. Remove all HTML/XML tags from user input.
It might be related to the concept of XSS escaping, like HTML, CSS, XML and JavaScript escaping.
https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
My logic on this one is that "a web app is susceptible" means it can happen. XSS can't happen with drop-downs, so it's not susceptible. Technically you're right that drop-downs would eliminate it, but I'm sticking with B & E here too. Maybe you need user input for something?
Without additional code checks, drop-downs only limit what a user can input with the browser. They could still craft a request (with Postman/curl) with invalid data.
Exactly this. Press F12 in any browser and edit the drop-down to be a text field. Now you can send any data you want if the server doesn't validate the data.
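The three controls this thread discusses, as an added example in Python that is not part of the exam question or of any commenter's post: a per-field allowlist check (answer B, plus the server-side re-check of drop-down values that the last two comments call for, since a browser control is not a security boundary), html.escape() for the strict form of answer E, and a small tag-allowlist sanitizer for the case the quoted passage mentions where some tags (<a>, <img>, <b>) are acceptable. The field names, patterns and drop-down choices are assumptions made for the example; the sanitizer is built on the standard library's HTMLParser only to show the allowlist idea.

```python
import html
import re
from html.parser import HTMLParser

# --- Answer B: limit input to acceptable characters -----------------------
# One strict pattern per free-text field. Field names and patterns are
# assumptions made for this example, not part of the exam question.
FIELD_PATTERNS = {
    "username": re.compile(r"[A-Za-z0-9_]{3,32}"),
    "zip": re.compile(r"[0-9]{5}"),
}

# A browser drop-down is not a security boundary (see the F12/curl comments):
# the server re-checks the submitted value against its own allowlist.
DROPDOWN_CHOICES = {
    "region": {"us-east", "us-west", "eu-central"},
}


def validate_form(form: dict) -> dict:
    """Return {field: error}; an empty dict means every field is acceptable.
    Unknown fields are rejected too, so a crafted request cannot smuggle extras."""
    errors = {}
    for field, value in form.items():
        if field in FIELD_PATTERNS:
            if not FIELD_PATTERNS[field].fullmatch(value):
                errors[field] = "contains characters outside the allowed set"
        elif field in DROPDOWN_CHOICES:
            if value not in DROPDOWN_CHOICES[field]:
                errors[field] = "not one of the permitted choices"
        else:
            errors[field] = "unexpected field"
    return errors


# --- Answer E, strict form: escape, so no tag survives --------------------
def escape_for_html(user_input: str) -> str:
    """html.escape turns < > & " ' into entities; the browser renders them as text."""
    return html.escape(user_input, quote=True)


# --- Answer E, relaxed form: allowlist sanitizer ---------------------------
# Keeps the tags the quoted passage names (<a>, <img>, <b>) and strips the rest,
# including event-handler attributes and javascript:/data: URLs. Built on the
# standard-library HTMLParser to show the idea; it is not a browser-grade parser.
ALLOWED_TAGS = {"a", "img", "b"}
ALLOWED_ATTRS = {"a": {"href"}, "img": {"src", "alt"}, "b": set()}
SAFE_URL_PREFIXES = ("http://", "https://")


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # unknown tag is dropped; its text content is still kept (escaped)
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS[tag] or value is None:
                continue  # e.g. onerror=, onclick=, style=
            if name in ("href", "src") and not value.strip().lower().startswith(SAFE_URL_PREFIXES):
                continue  # blocks javascript:, data:, vbscript: and scheme-relative tricks
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # <img ... /> needs no closing tag

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=True))  # text nodes are always escaped

    def result(self) -> str:
        return "".join(self.out)


def sanitize_html(user_input: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(user_input)
    parser.close()  # flushes any buffered text
    return parser.result()


if __name__ == "__main__":
    # Constructed inputs: what a crafted (F12 / curl) request might carry.
    print(validate_form({"username": "alice_1", "region": "us-east"}))
    print(validate_form({"username": "<script>", "region": "eu-north"}))
    print(escape_for_html('<script>alert("x")</script>'))
    print(sanitize_html('<b>bold</b><img src=x onerror=alert(1)><script>alert(1)</script>'))
```

validate_form() is what turns the drop-down from a UI convenience into a real control: the value is compared against the server's own set, so editing the form element in the browser or replaying the request with curl gets the same rejection. For a production service, use a maintained sanitizer (bleach or nh3, for example) rather than a hand-written one; the HTMLParser version above exists only to show the allowlist-and-escape shape the quoted passage describes.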