Use `htmlspecialchars($_POST[&#39;firstname&#39;])` and `htmlspecialchars($_POST[&#39;content&#39;])`.

Always escape strings with [`htmlspecialchars()`](http://php.net/htmlspecialchars) before showing them to the user.

[htmlspecialchars][1] would work in both cases. Have a look at the different flag options to avoid quotation marks being a problem in the `input` case.


  [1]: http://fi2.php.net/manual/en/function.htmlspecialchars.php

Given it is kinda long I would put it in a function

    &lt;?PHP
    function encodeValue ($s) {
        return htmlentities($s, ENT_COMPAT|ENT_QUOTES,&#39;ISO-8859-1&#39;, true); 
    }
    ?&gt;

This has **ENT_QUOTES** to make sure single and double quotes are encoded, but it will also **encode special characters** (Like in Jos&#233;) instead of inserting an empty string.

Then you can do:

    &lt;input type=&quot;text&quot; name=&quot;firstname&quot; value=&quot;&lt;?= encodeValue($_POST[&#39;firstname&#39;]) ?&gt;&quot; /&gt;

and

    &lt;textarea name=&quot;content&quot;&gt;&lt;?= encodeValue($_POST[&#39;content&#39;]) ?&gt;&lt;/textarea&gt;

I have a couple of jobs that use a shared resource (database), which sometimes can cause builds to fail in the (rare) event that the jobs happen to get triggered simultaneously. 

Given jobs A through E, for example, is there any way to specify that A and C **should never be run concurrently**?

Other than the aforementioned resource, the builds are independent of each other (not e.g. in a upstream/downstream relation).

A &quot;brute-force&quot; way would be limiting number of executors to one, but that obviously is less than ideal if most jobs could well be executed concurrently and there&#39;s no lack of computing resources on the build server.

How to prevent certain Jenkins jobs from running simultaneously?

I have the following menu layout in my Android app:


    &lt;?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot;?&gt;
    &lt;menu xmlns:android=&quot;http://schemas.android.com/apk/res/android&quot;&gt;
        &lt;item android:id=&quot;@+id/item1&quot; 
              android:titleCondensed=&quot;Options&quot;
	          android:title=&quot;Highlight Options&quot; 
              android:icon=&quot;@android:drawable/ic_menu_preferences&quot; /&gt;

       &lt;item android:id=&quot;@+id/item2&quot; 
             android:titleCondensed=&quot;Persist&quot;
	         android:title=&quot;Persist&quot; 
             android:icon=&quot;@android:drawable/ic_menu_preferences&quot; 
             android:checkable=&quot;true&quot; /&gt;
    &lt;/menu&gt;

My problem is that the second menu item doesn&#39;t appear to be &quot;checkable&quot; when I run my app in the Android emulator. There should be a green tick about the item, right? To indicate that its checkable. 

Am I doing something wrong? 




Android Checkable Menu Item

Given the following two HTML/PHP snippets:

    &lt;input type=&quot;text&quot; name=&quot;firstname&quot; value=&quot;&lt;?php echo $_POST[&#39;firstname&#39;]; ?&gt;&quot; /&gt;

and

    &lt;textarea name=&quot;content&quot;&gt;&lt;?php echo $_POST[&#39;content&#39;]; ?&gt;&lt;/textarea&gt;

what character encoding do I need to use for the echoed `$_POST` variables? Can I use any built-in PHP functions?

Please assume that the `$_POST` values have not been encoded at all yet. No magic quotes - no nothing.




How can I properly escape HTML form input default values in PHP?

Given the following two HTML/PHP snippets:
<pre><code class="hljs language-php-template">&#x3C;input type="text" name="firstname" value="&#x3C;?php echo $_POST['firstname']; ?>" />
</code></pre>
and
<pre><code class="hljs language-php-template">&#x3C;textarea name="content">&#x3C;?php echo $_POST['content']; ?>&#x3C;/textarea>
</code></pre>
what character encoding do I need to use for the echoed <code>$_POST</code> variables? Can I use any built-in PHP functions?
Please assume that the <code>$_POST</code> values have not been encoded at all yet. No magic quotes - no nothing.

I have a PHP file that is sometimes called from a page that has started a session and sometimes from a page that doesn&#39;t have session started. Therefore when I have `session_start()` on this script I sometimes get the error message for &quot;session already started&quot;. For that I&#39;ve put these lines:

    if(!isset($_COOKIE[&quot;PHPSESSID&quot;]))
    {
      session_start();
    }

but this time I got this warning message:

&gt; Notice: Undefined variable: _SESSION 

Is there a better way to check if session has already started?

If I use `@session_start` will it make things work properly and just shut up the warnings?

Check if PHP session has already started

I started using PHP a couple of months ago. For the sake of creating a login system for my website, I read about cookies and sessions and their differences (cookies are stored in the user&#39;s browser and sessions on the server). At that time, I preferred cookies (and who does not like cookies?!) and just said: &quot;who cares? I don&#39;t have any good deal with storing it in my server&quot;, so, I went ahead and used cookies for my bachelor graduation project. However, after doin&#39; the big part of my app, I heard that for the particular case of storing user&#39;s ID, sessions are more appropriate. So I started thinking about what would I say if the jury asks me why have you used cookies instead of sessions? I have just that reason (that I do not need to store internally information about the user). Is that enough *as a reason*? or it&#39;s more than that? 
&lt;br/&gt;Could you please tell me about advantages/disadvantages of using cookies for keeping User&#39;s ID?

Thanks for you all in StackOverflow!

Cookies vs. sessions

I have this code to create and update xml file:

    &lt;?php
    $xmlFile    = &#39;config.xml&#39;;
    $xml        = new SimpleXmlElement(&#39;&lt;site/&gt;&#39;);
    $xml-&gt;title = &#39;Site Title&#39;;
    $xml-&gt;title-&gt;addAttribute(&#39;lang&#39;, &#39;en&#39;);
    $xml-&gt;saveXML($xmlFile);
    ?&gt;

This generates the following xml file:

    &lt;?xml version=&quot;1.0&quot;?&gt;
    &lt;site&gt;
      &lt;title lang=&quot;en&quot;&gt;Site Title&lt;/title&gt;
    &lt;/site&gt;

The question is: is there a way to add CDATA with this method/technique to create xml code below?

    &lt;?xml version=&quot;1.0&quot;?&gt;
    &lt;site&gt;
      &lt;title lang=&quot;en&quot;&gt;&lt;![CDATA[Site Title]]&gt;&lt;/title&gt;
    &lt;/site&gt;

How to write CDATA using SimpleXmlElement?

I am writing some JavaScript code that uses a string rendered with PHP. How can I escape single quotes (and only single quotes) in my PHP string?

    &lt;script type=&quot;text/javascript&quot;&gt;
        $(&#39;#myElement&#39;).html(&#39;say hello to &lt;?php echo $mystringWithSingleQuotes ?&gt;&#39;);
    &lt;/script&gt;

  [1]: http://pl.php.net/manual/en/function.str-replace.php
  [2]: http://pl.php.net/manual/en/function.json-encode.php


How do I escape only single quotes?

Since [POSIX regular expressions (ereg)](http://php.net/regex) are deprecated since PHP 5.3.0, I&#39;d like to know an easy way to convert the old expressions to [PCRE (Perl Compatible Regular Expressions) (preg)](http://php.net/pcre).

Per example, I have this regular expression:

    eregi(&#39;^hello world&#39;);

How can I translate expressions into `preg_match` compatible expressions?

&gt; ***Note:* This post serves as a placeholder for all posts related to conversion from ereg to preg, and as a duplicate options for related questions.** Please do not close this question.
&gt;
&gt; **Related:**  
&gt;
&gt; * [How to change PHP&#39;s eregi to preg_match](https://stackoverflow.com/q/1374881/367456)
&gt; * [Changing ereg_replace to equivalent preg_replace](https://stackoverflow.com/questions/6269693/changing-ereg-replace-to-equivalent-preg-replace)  

How can I convert ereg expressions to preg in PHP?

I am using dotted style border in my box like

    .box {
        width: 300px;
        height: 200px;
        border: dotted 1px #f00;
        float: left;
    }

I want to the increase the space between each dot of the border.

How to increase space between dotted border dots

So I have a table with this style:

    table-layout: fixed;

Which makes all columns to be of the same width. I would like to have one column (the first one) to be wider and then rest of the columns to occupy the remaining width of the table with equal widths.

How to achieve that?

&lt;!-- begin snippet: js hide: false --&gt;

&lt;!-- language: lang-css --&gt;

    table {
      border-collapse: collapse;
      width: 100%;
      border: 1px solid black;
      background: #ddd;
      table-layout: fixed;
    }

    table th, table td {
      border: 1px solid #000;
    }

    table td.wideRow, table th.wideRow {
      width: 300px;
    }

&lt;!-- language: lang-html --&gt;

    &lt;table class=&quot;CalendarReservationsBodyTable&quot;&gt;
      &lt;thead&gt;
        &lt;tr&gt;
          &lt;th colspan=&quot;97&quot;&gt;Rezervovane auta&lt;/th&gt;
        &lt;/tr&gt;
        &lt;tr&gt;
          &lt;th class=&quot;corner wideRow&quot;&gt;Auto&lt;/th&gt;
          &lt;th class=&quot;odd&quot; colspan=&quot;4&quot;&gt;0&lt;/th&gt;
          &lt;th class=&quot;&quot; colspan=&quot;4&quot;&gt;1&lt;/th&gt;
          &lt;th class=&quot;odd&quot; colspan=&quot;4&quot;&gt;2&lt;/th&gt;
          &lt;th class=&quot;&quot; colspan=&quot;4&quot;&gt;3&lt;/th&gt;
          &lt;th class=&quot;odd&quot; colspan=&quot;4&quot;&gt;4&lt;/th&gt;
          &lt;th class=&quot;&quot; colspan=&quot;4&quot;&gt;5&lt;/th&gt;
          &lt;th class=&quot;odd&quot; colspan=&quot;4&quot;&gt;6&lt;/th&gt;
          &lt;th class=&quot;&quot; colspan=&quot;4&quot;&gt;7&lt;/th&gt;
          &lt;th class=&quot;odd&quot; colspan=&quot;4&quot;&gt;8&lt;/th&gt;
          &lt;th class=&quot;&quot; colspan=&quot;4&quot;&gt;9&lt;/th&gt;
          &lt;th class=&quot;odd&quot; colspan=&quot;4&quot;&gt;10&lt;/th&gt;
          &lt;th class=&quot;&quot; colspan=&quot;4&quot;&gt;11&lt;/th&gt;
          &lt;th class=&quot;odd&quot; colspan=&quot;4&quot;&gt;12&lt;/th&gt;
          &lt;th class=&quot;&quot; colspan=&quot;4&quot;&gt;13&lt;/th&gt;
          &lt;th class=&quot;odd&quot; colspan=&quot;4&quot;&gt;14&lt;/th&gt;
          &lt;th class=&quot;&quot; colspan=&quot;4&quot;&gt;15&lt;/th&gt;
          &lt;th class=&quot;odd&quot; colspan=&quot;4&quot;&gt;16&lt;/th&gt;
          &lt;th class=&quot;&quot; colspan=&quot;4&quot;&gt;17&lt;/th&gt;
          &lt;th class=&quot;odd&quot; colspan=&quot;4&quot;&gt;18&lt;/th&gt;
          &lt;th class=&quot;&quot; colspan=&quot;4&quot;&gt;19&lt;/th&gt;
          &lt;th class=&quot;odd&quot; colspan=&quot;4&quot;&gt;20&lt;/th&gt;
          &lt;th class=&quot;&quot; colspan=&quot;4&quot;&gt;21&lt;/th&gt;
          &lt;th class=&quot;odd&quot; colspan=&quot;4&quot;&gt;22&lt;/th&gt;
          &lt;th class=&quot;&quot; colspan=&quot;4&quot;&gt;23&lt;/th&gt;
        &lt;/tr&gt;
      &lt;/thead&gt;
      &lt;tbody&gt;
        &lt;tr&gt;
          &lt;td class=&quot;alignRight wideRow&quot;&gt;KE-260 FC - Octavia combi&lt;/td&gt;
          &lt;td class=&quot; borderLeft&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot; borderLeft&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot; borderLeft&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot; borderLeft&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot; borderLeft&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot; borderLeft&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot; borderLeft&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot; borderLeft&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td colspan=&quot;16&quot; class=&quot;highlighted borderLeft&quot; title=&quot;Richard Knop&quot;&gt;
            Richard Knop
          &lt;/td&gt;
          &lt;td class=&quot; borderLeft&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot; borderLeft&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot; borderLeft&quot;&gt;&lt;/td&gt;
          &lt;td colspan=&quot;14&quot; class=&quot;highlighted&quot; title=&quot;Richard Knop&quot;&gt;
            Richard Knop
          &lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot; borderLeft&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot; borderLeft&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot; borderLeft&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot; borderLeft&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot; borderLeft&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot; borderLeft&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;&quot;&gt;&lt;/td&gt;
          &lt;td class=&quot;odd&quot;&gt;&lt;/td&gt;
        &lt;/tr&gt;
      &lt;/tbody&gt;
    &lt;/table&gt;

&lt;!-- end snippet --&gt;

jsfiddle: http://jsfiddle.net/6p9K3/

Notice the first column, I want it to be `300px` wide.

Table with table-layout: fixed; and how to make one column wider

Is there a quick way to create an input text element with an icon on the right to clear the input element itself (like the google search box)?

I looked around but I only found how to put an icon as background of the input element. Is there a jQuery plugin or something else?

I want the icon inside the input text element, something like:

    --------------------------------------------------
    |                                               X|
    --------------------------------------------------


Clear icon inside input text

I have this text input in a form:

    &lt;input type=&quot;text&quot;
           cols=&quot;40&quot; 
           rows=&quot;5&quot; 
           style=&quot;width:200px; height:50px;&quot; 
           name=&quot;Text1&quot; 
           id=&quot;Text1&quot; 
           value=&quot;&quot; /&gt;

I am trying to get it to take multiple lines of input. The width and height make the box to be bigger, but the user can enter text all (s)he wants yet it fills one line only. 

How do I make the input more like a textarea?

Multiple lines of input in &lt;input type=&quot;text&quot; /&gt;

I have the following piece of code in a file that I opened in `Vim`:

    &lt;p&gt;Hello stackoverflow!&lt;/p&gt;

How can I delete `&lt;p&gt;` and `&lt;/p&gt;` tags but keep the contents between them? That is, what should I press to end with:

    Hello stackoverflow!

I know pressing &lt;kbd&gt;d&lt;/kbd&gt; &lt;kbd&gt;i&lt;/kbd&gt; &lt;kbd&gt;t&lt;/kbd&gt; will do opposite.

I&#39;m using [Janus][1].


  [1]: https://github.com/carlhuda/janus

How to delete HTML tags, not the contents in Vim

Philosophical question: 

Say I&#39;ve got a web app that *requires* javascript and a modern browser, so progressive enhancement is not an issue. If my form is being built via javascript, and my data updates are all being done via ajax POSTs &amp; PUTs, is there really any reason to wrap my controls in a form tag? If I&#39;m still going to use the tag, say for semantic or structural reasons, is there any reason to have action and method params that I&#39;m going to ignore? It kind of feels like a hold-over from an earlier era to me.

Why use a form tag when you&#39;re submitting via ajax?

I have a simple form that submits text to my SQL table. The problem is that after the user submits the text, they can refresh the page and the data gets submitted again without filling the form again. I could redirect the user to another page after the text is submitted, but I want users to stay on the same page.

I remember reading something about giving each user a unique session id and comparing it with another value which solved the problem I am having but I forgot where it is.

How to prevent form resubmission when page is refreshed (F5 / CTRL+R)

Simple question: Is it possible to get all the data POSTed to a page, even if you don&#39;t know all the fields?

For example, I want to write a simple script that collects any POSTed data and emails it. I can foresee that the fields in the form are likely to change a lot over time, and so to save myself some time in the long run, I was wondering if I could write something that automatically gathered everything?

Is it possible?

PHP: Possible to automatically get all POSTed data?

I want to clear all input and textarea fields in a form. It works like the following when using an input button with the `reset` class:

    $(&quot;.reset&quot;).bind(&quot;click&quot;, function() {
      $(&quot;input[type=text], textarea&quot;).val(&quot;&quot;);
    });

This will clear all fields on the page, not just the ones from the form. How would my selector look like for just the form the actual reset button lives in?

Clear form fields with jQuery

For a simple form with an alert that asks if fields were filled out correctly, I need a function that does this:

 - Shows an alert box when button is clicked with two options:

  - If &quot;OK&quot; is clicked, the form is submitted
  - If cancel is clicked, the alert box closes and the form can be adjusted and resubmitted

I think a JavaScript confirm would work but I can&#39;t seem to figure out how.

The code I have now is:

&lt;!-- begin snippet: js hide: false console: true babel: false --&gt;

&lt;!-- language: lang-js --&gt;

    function show_alert() {
      alert(&quot;xxxxxx&quot;);
    }

&lt;!-- language: lang-html --&gt;

    &lt;form&gt;
      &lt;input type=&quot;image&quot; src=&quot;xxx&quot; border=&quot;0&quot; name=&quot;submit&quot; onclick=&quot;show_alert();&quot; alt=&quot;PayPal - The safer, easier way to pay online!&quot; value=&quot;Submit&quot;&gt;
    &lt;/form&gt;

&lt;!-- end snippet --&gt;



JavaScript Form Submit - Confirm or Cancel Submission Dialog Box

I have a web application built on JSF with MySQL as DB. I have already implemented the code to prevent CSRF in my application.

Now since my underlying framework is JSF, I guess I don&#39;t have to handle XSS attack as it is already handled by `UIComponent`. I am not using any JavaScript in any of the view pages. Even if I use do I really need to implement code to prevent XSS attacks?

For DB we are using prepared statements and stored procedures in all DB interactions.

Is there anything else needs to be handled for preventing these 3 common attacks?
I have already been through the [OWASP][1] site and their [cheat sheets][2].

Do I need to take care of any other potential attack vectors?
            


  [1]: http://www.owasp.org/
  [2]: https://www.owasp.org/index.php/Java_Server_Faces

CSRF, XSS and SQL Injection attack prevention in JSF

I was trying to hit a web service on a different domain using jQuery&#39;s ajax method.  After doing some research it looks like it does not allow this is by design to prevent cross site scripting.  

I came across a work around which was to include this line:

    $.support.cors = true;

at the top of my javascript code.  From what I understand this enables cross site scripting in jQuery.

Does having this line of code make my site more vulnerable to attack?  I&#39;ve always heard XSS discussed as a security issue, are there legitimate uses for XSS?

Is it safe to use $.support.cors = true; in jQuery?

So I&#39;ve been toying around with HTTP for fun in telnet now (i.e. just typing in `telnet google.com 80` and putting in random GETs and POSTs with different headers and the like) but I&#39;ve come across something that google.com transmits in it&#39;s headers that I don&#39;t know.

I&#39;ve been looking through http://www.w3.org/Protocols/rfc2616/rfc2616.html and have found no definition for this particular http-header that google seems to be spouting out:


    GET / HTTP/1.1
    
    HTTP/1.1 200 OK
    Date: Wed, 01 Feb 2012 03:42:24 GMT
    Expires: -1
    Cache-Control: private, max-age=0
    Content-Type: text/html; charset=ISO-8859-1
    Set-Cookie: PREF=ID=6ddbc0a0342e7e63:FF=0:TM=1328067744:LM=1328067744:S=4d4farvCGl5Ww0C3; expires=Fri, 31-Jan-2014 03:42:24 GMT; path=/; domain=.google.com
    Set-Cookie: NID=56=PgRwCKa8EltKnHS5clbFuhwyWsd3cPXiV1-iXzgyKsiy5RKXEKbg89gWWpjzYZjLPWTKrCWhOUhdInOlYU56LOb2W7XpC7uBnKAjMbxQSBw1UIprzw2BFK5dnaY7PRji; expires=Thu, 02-Aug-2012 03:42:24 GMT; path=/; domain=.google.com; HttpOnly
    P3P: CP=&quot;This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&amp;answer=151657 for more info.&quot;
    Server: gws
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    Transfer-Encoding: chunked
    
    1000

Anyone know what `X-XSS-Protection` is?




What is the http-header &quot;X-XSS-Protection&quot;?

I have unescaped data from users. 

So is it safe to use like this:

    var data = &#39;&lt;test&gt;a&amp;f&quot;#&lt;/test&gt;&#39;; // example data from ajax response
    if (typeof(data) === &#39;string&#39;)
        $(&#39;body&#39;).text(data);

Can I use like this or there is some problems like encoding or some specific symbols that I should be careful and add more strict validation?

Is jQuery .text() method XSS safe?

I read this on the React tutorial. What does this mean? 

&gt; React is safe. We are not generating HTML strings so XSS protection is the default.

How do XSS attacks work if React is safe? How is this safety achieved?

Content Type	Original Author	Original Content on Stackoverflow
Question	Ryan	View Question on Stackoverflow
Solution 1 - Php	rid	View Answer on Stackoverflow
Solution 2 - Php	Niklas	View Answer on Stackoverflow
Solution 3 - Php	Eric	View Answer on Stackoverflow

How can I properly escape HTML form input default values in PHP?

Php Problem Overview

Php Solutions

Solution 1 - Php

Solution 2 - Php

Solution 3 - Php

Android Checkable Menu Item

How to prevent certain Jenkins jobs from running simultaneously?

Attributions