XSS injection question

I’m creating a very simple website that will use ChatGPT's API. I want to display the content I get from the API in a nice-looking way, so I figured I could just have ChatGPT add HTML tags. However, I came to realize that to display what I get back I need to set the response to “safe”, i.e. it just runs it, which, as I’ve come to understand, is a risk for XSS injection. How big a risk is this? I feel like it’s not very likely I’d get bad code from the API, but I cannot say that for sure.
DirtyJ 204d ago
Just to make sure I'm on the same page, you're getting a response from ChatGPT that you'd like to display in a web app, so you asked ChatGPT to add HTML formatting. If that's the case, you can ensure the response is thoroughly sanitized (both server-side and client-side) to harden that specific request's displaying against XSS attacks. In addition, take a look through the OWASP cheat sheet for XSS: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
DirtyJ 204d ago
If you can provide some more info about the specific environment you're developing in, I might know of some libraries to help with that
d0kefish 204d ago
Yes (this might be a stupid solution), I’m using Python/Django.
DirtyJ 204d ago
Here's some Python info from Snyk: https://go.snyk.io/rs/677-THP-415/images/Python_Cheatsheet_whitepaper.pdf Looks like they describe using bleach for sanitization in there: https://github.com/mozilla/bleach
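To make the advice in the two replies above concrete (sanitize the model output against an allowlist, then and only then hand it to Django's `mark_safe()` / `|safe`), here is an added example that is not code from the thread, from bleach or from Django. It is a small allowlist sanitizer built only on Python's standard-library `html.parser`, so it runs without installing anything; it illustrates what a maintained library such as bleach does for you, and in production you would use such a library rather than this sketch. The tag and attribute allowlists and the sample response are constructed for the example.

```python
# Added example (not from the thread): an allowlist HTML sanitizer on top of
# the stdlib html.parser, showing the shape of what bleach does before model
# output is passed to Django's mark_safe(). Allowlists are constructed here.
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "br", "b", "strong", "i", "em", "ul", "ol", "li",
                "h2", "h3", "pre", "code", "a"}
ALLOWED_ATTRS = {"a": {"href"}}          # every other attribute is dropped
ALLOWED_URL_SCHEMES = ("http://", "https://")
VOID_TAGS = {"br"}
DROP_WITH_CONTENT = {"script", "style"}  # discard the element body as well


class AllowlistSanitizer(HTMLParser):
    """Rebuilds the markup keeping only allowlisted tags and attributes.

    Unknown tags are removed (their text is kept), event-handler attributes
    and non-http(s) URLs are dropped, script/style bodies are discarded,
    and all text is re-escaped, so the output can be rendered unescaped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self._out = []
        self._open = []        # stack of emitted tags, keeps output balanced
        self._dropping = None  # tag whose body is currently being discarded

    def handle_starttag(self, tag, attrs):
        if self._dropping:
            return
        if tag in DROP_WITH_CONTENT:
            self._dropping = tag
            return
        if tag not in ALLOWED_TAGS:
            return             # tag removed, its text content still flows through
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()) or value is None:
                continue
            if name == "href" and not value.strip().lower().startswith(ALLOWED_URL_SCHEMES):
                continue       # rejects javascript:, data:, vbscript: and relative URLs
            kept.append(f' {name}="{escape(value, quote=True)}"')
        if tag == "a":
            kept.append(' rel="noopener noreferrer"')
        self._out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self._open.append(tag)

    def handle_endtag(self, tag):
        if self._dropping:
            if tag == self._dropping:
                self._dropping = None
            return
        if tag in self._open:
            while self._open:  # also close anything left open inside it
                t = self._open.pop()
                self._out.append(f"</{t}>")
                if t == tag:
                    break

    def handle_data(self, data):
        if not self._dropping:
            self._out.append(escape(data, quote=False))

    # Comments, doctype and processing instructions reach the base-class
    # handlers, which ignore them, so they never appear in the output.

    def result(self):
        while self._open:      # close tags the model forgot to close
            self._out.append(f"</{self._open.pop()}>")
        return "".join(self._out)


def sanitize_html(untrusted_html: str) -> str:
    """Return markup safe to wrap in django.utils.safestring.mark_safe()."""
    parser = AllowlistSanitizer()
    parser.feed(untrusted_html)
    parser.close()
    return parser.result()


if __name__ == "__main__":
    # Constructed sample of what a model response could contain.
    sample = ('<h2>Answer</h2><p>Use <b>lists</b>:</p><ul><li>one</li></ul>'
              '<script>alert(1)</script>'
              '<a href="javascript:alert(1)">click</a>'
              '<img src=x onerror=alert(1)><b onclick="x()">bold')
    print(sanitize_html(sample))
```

In the Django view this is the only place `mark_safe()` should be applied: `return render(request, "answer.html", {"answer": mark_safe(sanitize_html(api_text))})`, with the template still under normal autoescaping so every other variable stays escaped. The allowlist approach matters more than any particular blocklist: the sanitizer never has to know what a malicious tag looks like, it only has to know the handful of tags you asked the model to produce.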
d0kefish 204d ago
I’ll dig into this, thank you. One more angle on this: is an XSS attack a risk for the host, or is it more towards the user seeing it?
DirtyJ 204d ago
XSS is primarily executed on a site's users as they interact with the application. However, XSS can be combined with other techniques for privilege escalation, and in environments with enough actionable vulnerabilities, a threat actor could potentially escalate privileges and move around until they get where they want to be.
d0kefish 204d ago
The site works as the user requests an answer, basically, and I’m thinking if they trick ChatGPT into somehow sending back something malicious, it would only be displayed to themselves. But removing it / limiting it as far as possible is probably the better way.