Best Way to Escape Special Characters prior to Storing Data

Tony Fatouros, Oct 28 2016 — edited Oct 31 2016

Hi,

Currently using Oracle APEX v4.2 with Oracle 11g R2 DB.

I've basically been assigned to prevent Cross Site Scripting (XSS) within an Oracle APEX application, specifically when it comes to input type fields such as text and textarea fields.

An example of XSS that I don't want stored in the database would be something like this:

<script>alert("XSS")</script>

Based on this, what might be the best possible way to escape these types of special characters if, say, I had around ten text items that a user could enter XSS in, on an Oracle APEX page, when submitted?

I'm thinking a global computation or perhaps a database trigger or something within the actual page of the ten text input items.

Any ideas/help would be great.

Thanks.

Tony.

Locked on Nov 28 2016
Added on Oct 28 2016