meteor xss code tampering
https://stackoverflow.com//questions/11655730
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
My main concern is the following :
since meteor is based on JavaScript, it can be changed/tampered @ client side, so what happens if I change or create new collections and start to spam the db will it be only @ client side (memory only) or on both sides i.e: server side too.
is user input is cleaned from xss before the save in the server side ?.
Solution
If you create a new collection on the client side, the server will have no knowledge of this and also will not create the necessary stuff to edit the database server side. The spammed data will only be in the client side memory.
Trees = new Meteor.Collection("boom");
Meteor.Collection
Trees.insert({hi:"hi"});
"4b0d5ff2-058c-4041-849b-ce2e0d548160"
logging.js:30: insert failed: 404 -- Method not found
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
