Talk:DOM based XSS Prevention Cheat Sheet

ideas from Ryan
FYI – have you seen our updated XSS Defense Demo? http://www.modsecurity.org/demo/demo-deny-noescape.html. We are able to dynamically inject either MentalJS (Gareth Heyes' JS Sandbox) or DOMPurify (Mario's JS/DOM sanitizer). This is pretty bad-ass as a method for WAFs to help prevent XSS attack surface :) You might want to update your OWASP Top 10 Controls content to mention it during either the XSS or Virtual Patching sections.

current markup
... some text ...

suggested markup
... some text ...