Difference between revisions of "Talk:Cross-site Scripting (XSS)"

From OWASP
Jump to: navigation, search
(add XSS using Script Via Encoded URI Schemes)
 
Line 1: Line 1:
 
== XSS using Script Via Encoded URI Schemes ==
 
== XSS using Script Via Encoded URI Schemes ==
 
The page mentions XSS using Script Via Encoded URI Schemes, but what are the ways to prevent that? I don't see any matching rule in the cheat sheet. Can some library help? I'm personally interested in a PHP library.
 
The page mentions XSS using Script Via Encoded URI Schemes, but what are the ways to prevent that? I don't see any matching rule in the cheat sheet. Can some library help? I'm personally interested in a PHP library.
 +
 +
This page is also lacking other XSS vectors, such as CRLF Injection.  I would like to add this if there are no objections.

Revision as of 23:50, 29 August 2011

XSS using Script Via Encoded URI Schemes

The page mentions XSS using Script Via Encoded URI Schemes, but what are the ways to prevent that? I don't see any matching rule in the cheat sheet. Can some library help? I'm personally interested in a PHP library.

This page is also lacking other XSS vectors, such as CRLF Injection. I would like to add this if there are no objections.