Abridged XSS Prevention Cheat Sheet

= DRAFT CHEAT SHEET - WORK IN PROGRESS =

= Introduction =

Cross site scripting is the most common web vulnerability. It represents a serious threat because it allows attacker-controlled code to run in a victim’s browser. This cheat sheet is a derivative work of the XSS (Cross Site Scripting) Prevention Cheat Sheet.

= XSS Prevention =

Safe HTML Attributes include: align, alink, alt, bgcolor, border, cellpadding, cellspacing, class, color, cols, colspan, coords, dir, face, height, hspace, ismap, lang, marginheight, marginwidth, multiple, nohref, noresize, noshade, nowrap, ref, rel, rev, rows, rowspan, scrolling, shape, span, summary, tabindex, title, usemap, valign, value, vlink, vspace, width
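
One way to enforce the list above as an allowlist when untrusted name/value pairs are written into a tag. This JavaScript is an added example, not part of the original cheat sheet: `renderSafeAttributes` and `encodeForHtmlAttribute` are hypothetical names, and the rule of encoding every non-alphanumeric character is an assumption not stated on this page.

```javascript
// Allowlist copied from the "Safe HTML Attributes" list on this page.
const SAFE_ATTRIBUTES = new Set(
  ("align alink alt bgcolor border cellpadding cellspacing class color cols " +
   "colspan coords dir face height hspace ismap lang marginheight marginwidth " +
   "multiple nohref noresize noshade nowrap ref rel rev rows rowspan scrolling " +
   "shape span summary tabindex title usemap valign value vlink vspace width")
    .split(" ")
);

// Assumption (not stated on this page): every character that is not an ASCII
// letter or digit becomes a hexadecimal character reference, so an untrusted
// value can never close the surrounding quotes or start a new attribute.
function encodeForHtmlAttribute(value) {
  let out = "";
  for (const ch of String(value)) {
    out += /^[A-Za-z0-9]$/.test(ch)
      ? ch
      : "&#x" + ch.codePointAt(0).toString(16).toUpperCase() + ";";
  }
  return out;
}

// Hypothetical helper: build the attribute string for a tag from untrusted
// name/value pairs. Names outside the allowlist (event handlers, href, src,
// style, ...) are dropped and reported; kept values are encoded and quoted.
function renderSafeAttributes(untrustedAttrs) {
  const kept = [];
  const dropped = [];
  for (const [name, value] of Object.entries(untrustedAttrs)) {
    const key = name.toLowerCase();
    if (!SAFE_ATTRIBUTES.has(key)) {
      dropped.push(name);
      continue;
    }
    kept.push(key + '="' + encodeForHtmlAttribute(value) + '"');
  }
  return { html: kept.join(" "), dropped };
}

// Constructed sample input: one value tries to break out of its quotes,
// and two attribute names are not on the safe list.
const sample = {
  title: 'x" onmouseover="alert(1)',
  onclick: "alert(1)",
  WIDTH: "100",
  style: "background:url(x)",
};
const result = renderSafeAttributes(sample);
console.log(result.html);
console.log("dropped:", result.dropped.join(", "));
```

Logging the `dropped` names gives a cheap signal that a template or input source is trying to set attributes outside the safe list.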

= Output Encoding =

= Related Articles =

= Authors and Primary Editors =

Jim Manico - jim [at] owasp.org

Jeff Williams - jeff [at] aspectsecurity.com