Re: [WEB SECURITY] Please review: XSS Defense HOWTO



Good point. James Landis said the same thing in the comment on the
blog post (http://blog.modsecurity.org/2008/07/do-you-know-how.html#comment-122243074).

I will write a follow-up post to cover those, then notify the list to discuss.


On Mon, Jul 14, 2008 at 4:29 PM, Andy Steingruebl <steingra@xxxxxxxxx> wrote:
> Ivan,
>
> For 3.1 I think it would be good to have a pointer to how to do this.
> Safe characters vary by where they land on a page.  While you
> obviously don't want to contain all of the data in one small post, a
> number of extra pointers and references would be excellent.
>
> - Andy
>
> On Mon, Jul 14, 2008 at 4:34 AM, Ivan Ristic <ivan.ristic@xxxxxxxxx> wrote:
>> I was looking for a complete and concise guide to writing code secure
>> against XSS, and when I couldn't find one I decided to write it
>> myself. It was a spur of the moment thing and is available on the
>> ModSecurity Blog:
>>
>> http://blog.modsecurity.org/2008/07/do-you-know-how.html
>>
>> I want to make sure all the angles are covered. Did I miss anything?
>>
>> I am aware there's plenty of room for additional detail, but I'd like
>> to keep the blog post almost as a check list.
>>
>> --
>> Ivan Ristic
>>
>> ----------------------------------------------------------------------------
>> Join us on IRC: irc.freenode.net #webappsec
>>
>> Have a question? Search The Web Security Mailing List Archives:
>> http://www.webappsec.org/lists/websecurity/archive/
>>
>> Subscribe via RSS:
>> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>>
>> Join WASC on LinkedIn
>> http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>>
>>
>
>
>
> --
> Andy Steingruebl
> steingra@xxxxxxxxx
>



-- 
Ivan Ristic
