Summit 2011 Working Sessions/Session009/Deliverable 3

From OWASP
Jump to: navigation, search

Deliverable 3

White paper or standard for what we want the web frameworks to provide in terms of XSS defenses. Turning the XSS Prevention Cheat Sheet into a standard/metric for frameworks would be great.

To be filled in.

I'm remote, but just wanted to suggest that Content Security Policy is a significantly game changing technology that it should be discussed also. For CSP to be effective, the Unobtrusive Javascript paradigm must be adopted by the frameworks. This should be part of any recomendation produced by this body.

-Spinkham