Re: [WEB SECURITY] Please review: XSS Defense HOWTO
- From: "Andy Steingruebl" <steingra@xxxxxxxxx>
- Subject: Re: [WEB SECURITY] Please review: XSS Defense HOWTO
- Date: Mon, 14 Jul 2008 08:29:21 -0700
Ivan,
For 3.1 I think it would be good to have a pointer to how to do this.
Safe characters vary by where they land on a page. While you
obviously don't want to contain all of the data in one small post, a
number of extra pointers and references would be excellent.
- Andy
On Mon, Jul 14, 2008 at 4:34 AM, Ivan Ristic <ivan.ristic@xxxxxxxxx> wrote:
> I was looking for a complete and concise guide to writing code secure
> against XSS, and when I couldn't find one I decided to write it
> myself. It was a spur of the moment thing and is available on the
> ModSecurity Blog:
>
> http://blog.modsecurity.org/2008/07/do-you-know-how.html
>
> I want to make sure all the angles are covered. Did I miss anything?
>
> I am aware there's plenty of room for additional detail, but I'd like
> to keep the blog post almost as a check list.
>
> --
> Ivan Ristic
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
>
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
> Join WASC on LinkedIn
> http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
>
--
Andy Steingruebl
steingra@xxxxxxxxx
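
The point above, that safe characters vary by where the data lands on a page, shown as an added example that is not part of the original message or the blog post. The encoder names, the `BREAKOUT` table (a simplified set of significant characters per context) and the sample input are assumptions made for illustration.

```javascript
// Added illustration; function and table names are hypothetical.
// One encoder per output context: each neutralises only the characters
// that are significant where the value lands.
const ENCODERS = {
  // Between tags: markup delimiters and the entity introducer.
  htmlText: s => s.replace(/[&<>]/g, c => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;' }[c])),
  // Inside a quoted attribute value: quotes matter as well.
  htmlAttr: s => s.replace(/[&<>"']/g, c => '&#' + c.charCodeAt(0) + ';'),
  // Inside a JavaScript string literal: \uXXXX for all but alphanumerics and space.
  jsString: s => s.replace(/[^A-Za-z0-9 ]/g,
    c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0')),
  // As a URL query parameter value.
  urlParam: s => encodeURIComponent(s),
};

// Simplified (assumed) set of characters that end or restructure each context.
const BREAKOUT = {
  htmlText: /[<>]/,
  htmlAttr: /[<>"']/,
  jsString: /['"<>\r\n]/,
  urlParam: /[&=#?\s"<>]/,
};

function encodeFor(context, value) {
  if (!Object.prototype.hasOwnProperty.call(ENCODERS, context)) {
    throw new Error('unknown output context: ' + context);
  }
  return ENCODERS[context](String(value));
}

// True when the encoded text contains no character that breaks out of `context`.
function staysInside(context, encoded) {
  return !BREAKOUT[context].test(encoded);
}

// For each encoder, list the contexts where its output is still unsafe.
function mismatches(value) {
  const out = {};
  for (const enc of Object.keys(ENCODERS)) {
    const encoded = encodeFor(enc, value);
    out[enc] = Object.keys(BREAKOUT).filter(ctx => !staysInside(ctx, encoded));
  }
  return out;
}

const SAMPLE = `O'Reilly & "Sons" <b>`; // constructed input
console.log(mismatches(SAMPLE));
```

An empty mismatch entry only means no breakout character survives; output encoded for one context and placed in another can still display its escape sequences literally.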
Brought to you by http://www.webappsec.org