Cross Site Scripting (XSS) Software Attack

Not strictly on this topic but might be worth mentioning the following - if nothing else to remind people to check their own parsing and security. It’s still not uncommon to find issues with this across an application…:

(The following is a small selection of “varieties” - some have appeared elsewhere on this forum, see later)

10542519 - ; DROP TABLE “COMPANIES”;-- LTD - A classic! - [NAME AVAILABLE ON REQUEST FROM COMPANIES HOUSE] overview - Find and update company information - GOV.UK
11678385 - BETTS & AMP; TWINE LTD - HTML entities - the name as you receive it via the API actually has no space between the & and the “AMP;” but (a) you can’t type that straight in here as the forum converts to a single “&” and (b) looks ok on the CH site (so - as mentioned before / above - CH may not have this right) - BETTS & TWINE LTD overview - Find and update company information - GOV.UK
08804157 - SAFDASD & SFSAF ' SFDAASF" LTD - Backslashes and quotes - SAFDASD & SFSAF \' SFDAASF\" LTD overview - Find and update company information - GOV.UK

A good collection appears in this thread:
https://forum.aws.chdev.org/t/company-name-reg-ex-pattern/2072
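
The check the post recommends, as an added example that is not part of the original post or of any Companies House code: treat each name as opaque data, bind it as a SQL parameter, and escape it only at HTML output. The sample names are constructed from the ones quoted above (straight quotes assumed), and the `companies` table and the function names are hypothetical.

```python
import html
import sqlite3

# Constructed sample data modelled on the names quoted in the post;
# the exact characters the API returns are an assumption.
SAMPLE_NAMES = {
    "10542519": '; DROP TABLE "COMPANIES";-- LTD',
    "11678385": "BETTS &AMP; TWINE LTD",
    "08804157": r"""SAFDASD & SFSAF \' SFDAASF\" LTD""",
}

def store_names(conn, names):
    """Insert names with bound parameters, never string concatenation."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS companies (number TEXT PRIMARY KEY, name TEXT)"
    )
    conn.executemany(
        "INSERT INTO companies (number, name) VALUES (?, ?)", names.items()
    )
    conn.commit()

def load_name(conn, number):
    row = conn.execute(
        "SELECT name FROM companies WHERE number = ?", (number,)
    ).fetchone()
    return row[0] if row else None

def render_html(number, name):
    """Escape at output time, for both attribute and element-text context."""
    return '<li data-number="{}">{}</li>'.format(
        html.escape(number, quote=True), html.escape(name, quote=True)
    )

def round_trip(names):
    """Store, reload and render every name; report what survived."""
    conn = sqlite3.connect(":memory:")
    store_names(conn, names)
    results = {}
    for number, original in names.items():
        stored = load_name(conn, number)
        results[number] = (stored == original, render_html(number, stored))
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    conn.close()
    return results, tables

if __name__ == "__main__":
    results, tables = round_trip(SAMPLE_NAMES)
    print("tables:", tables)
    for number, (unchanged, markup) in results.items():
        print(number, "unchanged" if unchanged else "ALTERED", markup)
```

The `&AMP;` name is stored and displayed exactly as received; whether to normalise it to `&` is a separate data-quality decision and is not made here.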