CRV2 ContextEncHTMLEntity

From OWASP
Revision as of 10:27, 3 October 2013 by EoinKeary (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

HTML elements which contain user controlled data or data from untrusted sourced should be reviewed for contextual output encoding. In the case of HTML entities we need to help ensure HTML Entity Encoding is perfromed:

Example HTML Entity containing untrusted data:

   HTML Body Context
   UNTRUSTED DATA