PaulDotCom mailing list archives
Re: JS XSS protection library
From: Ryan Dewhurst <ryandewhurst () gmail com>
Date: Wed, 10 Jul 2013 16:38:51 +0200
The OWASP DOM XSS Prevention Cheat Sheet (if you haven't come across it already) lists these:

"1. ESAPI
2. Apache Commons String Utils
3. Jtidy
4. Your company's custom implementation.

Some work on a black list while others ignore important characters like "<" and ">". ESAPI is one of the few which works on a whitelist and encodes all non-alphanumeric characters. It is important to use an encoding library that understands which characters can be used to exploit vulnerabilities in their respective contexts. Misconceptions abound related to the proper encoding that is required."

- https://www.owasp.org/index.php/DOM_based_XSS_Prevention_Cheat_Sheet

I have no experience with any of them, so can't recommend any.

On Sun, Jul 7, 2013 at 8:51 PM, Robin Wood <robin () digininja org> wrote:
> Can anyone suggest a JS XSS protection library? Please don't preach that they don't work; it's for a special project, so even a bad one will do.
>
> Robin
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
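The cheat sheet passage Ryan quotes draws the line between blacklist encoders (escape the characters you thought of) and whitelist encoders (pass only [A-Za-z0-9], encode everything else). The following is an added example written for this archive page, not code from the thread, from OWASP or from ESAPI: a minimal whitelist encoder for the HTML attribute context and one for the JavaScript string-literal context, written in JavaScript since that is what the question asks about, next to a "<" and ">" blacklist that shows what such a blacklist misses. The function names and the two payload strings are constructed for the illustration.

```javascript
// Added example (not from the thread, OWASP or ESAPI): whitelist-based,
// context-specific output encoders. Every character outside [A-Za-z0-9] is
// encoded, so the encoder never has to know which characters are "dangerous"
// in a given context. escapeLtGt() is the blacklist counter-example.

const ALNUM = /[A-Za-z0-9]/;

// Blacklist-style encoder: only the two characters the author thought of.
// Adequate for element text content, insufficient for attribute and script
// contexts, where quotes and backslashes are the breakout characters.
function escapeLtGt(s) {
  return String(s).replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// HTML element-content / quoted-attribute context: every non-alphanumeric
// becomes a numeric character reference (&#NNN;). Browsers decode these in
// text and attribute values but never interpret the decoded char as markup.
function encodeForHTML(s) {
  let out = '';
  for (const ch of String(s)) {            // iterates by code point
    out += ALNUM.test(ch) ? ch : '&#' + ch.codePointAt(0) + ';';
  }
  return out;
}

// JavaScript string-literal context (data placed inside '...' or "..." in a
// <script> block): every non-alphanumeric becomes \xHH, \uHHHH or \u{H...},
// so quotes, backslashes, newlines and "</script>" cannot end the literal.
function encodeForJS(s) {
  let out = '';
  for (const ch of String(s)) {
    const cp = ch.codePointAt(0);
    if (ALNUM.test(ch)) out += ch;
    else if (cp <= 0xff) out += '\\x' + cp.toString(16).padStart(2, '0');
    else if (cp <= 0xffff) out += '\\u' + cp.toString(16).padStart(4, '0');
    else out += '\\u{' + cp.toString(16) + '}';   // astral code points
  }
  return out;
}

// Proves the JS encoding is lossless: build a real string literal from the
// encoded form and let the JS engine decode it back.
function roundTripJS(s) {
  return Function('return "' + encodeForJS(s) + '";')();
}

// Constructed payloads. The first contains no '<' or '>' at all, so a
// blacklist of those two characters lets it close the attribute value and
// add an event handler; the second closes a JS string literal.
const ATTR_PAYLOAD = '" onmouseover="alert(1)';
const SCRIPT_PAYLOAD = "'; alert(1); //";

// Same attribute rendered with each encoder.
function render(userInput) {
  return {
    blacklistAttr: '<input value="' + escapeLtGt(userInput) + '">',
    whitelistAttr: '<input value="' + encodeForHTML(userInput) + '">',
  };
}

// Same inline-script assignment rendered with each encoder.
function renderScript(userInput) {
  return {
    blacklist: "var q = '" + escapeLtGt(userInput) + "';",
    whitelist: "var q = '" + encodeForJS(userInput) + "';",
  };
}

console.log(render(ATTR_PAYLOAD));
console.log(renderScript(SCRIPT_PAYLOAD));
```

The point of encoding all non-alphanumerics is that the same function is safe for the attribute context whether or not the template author remembered the quotes, and the JS encoder is safe inside a `<script>` block because the sequence `</script>` can no longer appear in the output. Neither encoder helps if the data lands in a URL, CSS or an unquoted attribute; that is what "their respective contexts" in the quoted text refers to.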
Current thread:
- JS XSS protection library Robin Wood (Jul 10)
- Re: JS XSS protection library Ryan Dewhurst (Jul 13)
- Re: JS XSS protection library Robin Wood (Jul 16)
- Re: JS XSS protection library d4x (Jul 17)
- Re: JS XSS protection library Robin Wood (Jul 17)
- Re: JS XSS protection library Robin Wood (Jul 16)
- Re: JS XSS protection library Ryan Dewhurst (Jul 13)
- Re: JS XSS protection library Martín (Jul 13)
- Re: JS XSS protection library Justin Kelly (Jul 13)