Forum Discussion
nathan
Executive
Based on what you've said, I can't see you needing to do anything special to avoid XSS. There's nothing inherently insecure about making cross-site requests, and you control both the content and the mechanism for displaying it on the page.
I'd recommend getting someone knowledgeable to review the code if you have any concerns about it.
PaoloT
11 years agoLithium Alumni (Retired)
Theoretically even when controlling the source of the data and the logic to display it, one could still think about man in the middle attacks on the data in transit, especially if unencrypted.
Of course it all depends on what the security requirements are, if you have hard security requirements then as nathan suggested a code review or even a pentest may be the best way to proceed.
Related Content
- 4 years ago
- 10 years ago
- 8 years ago