This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Talk:DOM Based XSS

Jump to: navigation, search

I’d really like to find examples of code and malicious input illustrating scenario where ESAPI encodeForHTML wouldn't be sufficient and encodeForHTMLAttribute would remediate vulnerability.