Cross-site scripting (XSS): a vulnerability in a website that lets an attacker get their own JavaScript to run inside the site's pages
Because the site stores or reflects the planted code, everyone who visits the page runs the attacker's JS in their own browser
SQL injection: SQL code submitted as user input and concatenated straight into a query
Commonly uses an 'always true' condition to widen the WHERE clause so it matches every row
' OR 1=1; -- (the -- comments out the rest of the original query, so anything the attacker writes after it is ignored)
'; DROP TABLE <table>; -- (a second, destructive statement has to go before the comment, and only runs if the database driver executes stacked statements)
Most attacks have a single point of entry (user input), so SANITIZE YOUR USER INPUT: validate it on the way in, pass it to SQL as a bound parameter rather than as query text, and escape it on the way out into HTML
Never trust the user to use your site correctly
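The always-true input from the notes, run against a vulnerable lookup and against the fixed one. This is an added example, not the class todo app or Fuel code; the todos table, its rows and the function names are constructed here for the demonstration.

```php
<?php
// Added example (not the class app): the same lookup written two ways,
// against a throwaway in-memory SQLite table. Table name, rows and
// function names are constructed for this demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE todos (id INTEGER PRIMARY KEY, owner TEXT, title TEXT)');
$db->exec("INSERT INTO todos (owner, title) VALUES ('alice', 'buy milk'), ('bob', 'secret plan')");

// VULNERABLE: the user-supplied owner name is pasted into the SQL text, so
// quotes and comment markers in the input become part of the query.
function todosForOwnerVulnerable(PDO $db, string $owner): array
{
    $sql = "SELECT title FROM todos WHERE owner = '$owner'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// FIXED: the value travels as a bound parameter. The driver never parses it
// as SQL, so a quote in the input is just a quote in a string.
function todosForOwnerSafe(PDO $db, string $owner): array
{
    $stmt = $db->prepare('SELECT title FROM todos WHERE owner = :owner');
    $stmt->execute([':owner' => $owner]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$payload = "' OR 1=1; --";   // the always-true input from the notes

// Normal use: only alice's rows.
print_r(todosForOwnerVulnerable($db, 'alice'));

// Injected: the query becomes  WHERE owner = '' OR 1=1; --'  and every
// owner's rows come back, bob's "secret plan" included.
print_r(todosForOwnerVulnerable($db, $payload));

// Bound parameter: no owner is literally named "' OR 1=1; --", so the
// result is empty.
print_r(todosForOwnerSafe($db, $payload));
```

Run it from the command line with php on any build that has the pdo_sqlite extension. Note that PDO's query() with SQLite only prepares the first statement of the string, so the stacked `'; DROP TABLE ...; --` form from the notes would not fire here; with a driver or API that runs multiple statements it would, which is why the fix is the bound parameter and not a filter that looks for particular keywords.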
Fuel escapes many tags and SQL values automatically, but it doesn't hurt to run direct user input through the Security class (Security::clean() and Security::htmlentities()) anyway!
Earlier in this class we did a todo app with Fuel.
Here is the same example done in pure PHP, without Fuel:
Just download the tar and extract it anywhere under your local web root.
See what happens when you enter <script> alert("hello"); </script> into the new-todo box of the pure PHP version.
Luckily Fuel handles the input sanitation and escapes this kind of input so it is displayed as text rather than run as script.
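What the todo list does with that input when it is echoed raw versus escaped, as an added example that is not the class's tarball or Fuel code. The todo titles below (including the alert from the notes and a second payload that needs no script tag) are constructed for the demo, and the two render functions are hypothetical names.

```php
<?php
// Added example (not the class app): render the todo list two ways.
// The titles are constructed sample data; the second payload shows that
// filtering out "<script>" alone is not enough.
$todos = [
    'buy milk',
    '<script> alert("hello"); </script>',            // the payload from the notes
    '<img src=x onerror="alert(document.cookie)">',  // no script tag, still runs
];

// VULNERABLE: each title is dropped into the markup as-is, so anything
// that looks like HTML to the browser is treated as HTML.
function renderTodosVulnerable(array $todos): string
{
    $html = "<ul>\n";
    foreach ($todos as $title) {
        $html .= "  <li>$title</li>\n";
    }
    return $html . "</ul>\n";
}

// FIXED: escape on the way out. < > & " ' become entities, so the browser
// shows the text of the payload instead of executing it. This is the same
// job Fuel's Security::htmlentities() does for view data.
function renderTodosSafe(array $todos): string
{
    $html = "<ul>\n";
    foreach ($todos as $title) {
        $html .= '  <li>' . htmlspecialchars($title, ENT_QUOTES | ENT_HTML5, 'UTF-8') . "</li>\n";
    }
    return $html . "</ul>\n";
}

echo "--- vulnerable output (save as .html and open it: the alerts fire) ---\n";
echo renderTodosVulnerable($todos);

echo "--- escaped output (the same file shows the payloads as plain text) ---\n";
echo renderTodosSafe($todos);
```

Escaping belongs at the point where the value is written into HTML, not only when it is stored: the same title is harmless in the database and only becomes dangerous when a page prints it without encoding.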