When developing dynamic web pages in LabKey Server, you should be careful not to introduce unintentional security problems that might allow malicious users to gain unauthorized access to data or functionality.
This topic contains some examples and best practice advice.
Common Security Risks
The following booklet provides a quick overview of the ten most critical web application security risks that developers commonly introduce: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
To HTML-encode text, use the following function from LABKEY.Utils, which is always available to you in a LabKey wiki page or view. For example:
// "myInput" is a placeholder id; use the id of your own input control
var myValue = document.getElementById("myInput").value;
var myValueEncoded = LABKEY.Utils.encodeHtml(myValue);
// Display encoded value:
document.getElementById("myDiv").innerHTML = myValueEncoded;
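The same encode-before-insert rule, extended to a table built from several untrusted values in both element and attribute positions. This is an added example, not code from the original page or from LabKey: encodeHtmlStandIn is a hypothetical stand-in for LABKEY.Utils.encodeHtml so the snippet runs outside a LabKey page, and the sample rows are constructed.

```javascript
// Hypothetical stand-in for LABKEY.Utils.encodeHtml (an assumption, not LabKey's
// implementation) so this runs outside a LabKey page.
function encodeHtmlStandIn(value) {
    if (value === null || value === undefined) {
        return "";
    }
    var entities = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
    return String(value).replace(/[&<>"']/g, function (ch) {
        return entities[ch];
    });
}

// Build table rows from untrusted values. Each value passes through `encode`
// once, at the point where it is concatenated into markup.
function renderRows(rows, encode) {
    return rows.map(function (row) {
        var note = encode(row.note);
        return "<tr><td>" + encode(row.name) + "</td>" +
               "<td title=\"" + note + "\">" + note + "</td></tr>";
    }).join("");
}

// Count tag openers/closers the browser would parse as markup.
function countTags(html) {
    return (html.match(/<[a-zA-Z\/]/g) || []).length;
}

// Constructed sample input: ordinary text with special characters, plus markup.
var sampleRows = [
    { name: "Smith & Sons", note: 'size "L" <large>' },
    { name: "<script>alert(1)</script>", note: null }
];

var rawHtml = renderRows(sampleRows, String);            // no encoding
var encodedHtml = renderRows(sampleRows, encodeHtmlStandIn);

// Only the template's own tr/td tags should remain in the encoded output.
console.log("tags without encoding:", countTags(rawHtml));
console.log("tags with encoding:   ", countTags(encodedHtml));
console.log(encodedHtml);
```

In a LabKey wiki page or view, pass LABKEY.Utils.encodeHtml as the encode argument and assign the result to innerHTML as shown above.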
For more information on web development and security risks, see the following site: http://www.owasp.org/index.php/Main_Page