Category:WASS Validate Outputs
Revision as of 04:25, 19 May 2006 by MikeAndrews (talk | contribs)
Validate outputs
Applications continually display outputs that are either based on or contain user input. Just as it is important to validate data coming into an application, it is necessary to validate outputs to other users.
- The application must encode data when it is output so that it does not take on an alternate meaning. Specifically:
  - All outputs that are derived from user data should be HTML encoded to avoid cross-site scripting vulnerabilities, amongst other potential attacks.
- When error messages are generated, they should not disclose internal application information, or other sensitive data.
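Both requirements above, as an added Python example that is not part of the original wiki page: user-derived values are HTML encoded at the point of output, and a failure returns a generic message with a reference id while the detail stays in the server log. The function names, the `store` callback and the sample inputs are constructed for illustration.

```python
import html
import logging
import uuid

log = logging.getLogger("app")


def render_comment(author: str, body: str) -> str:
    """Build an HTML fragment from user-derived values, encoding each one."""
    # quote=True also encodes " and ', so the value stays inside a quoted attribute.
    safe_author = html.escape(author, quote=True)
    safe_body = html.escape(body, quote=True)
    return (f'<div class="comment" data-author="{safe_author}">'
            f"<b>{safe_author}</b>: {safe_body}</div>")


def render_error(exc: Exception) -> str:
    """Log full detail server-side; show the user only a reference id."""
    ref = uuid.uuid4().hex[:12]
    # Exception text and stack trace go to the log, never into the response.
    log.error("request failed ref=%s", ref, exc_info=exc)
    return f"<p>An internal error occurred. Reference: {ref}</p>"


def handle_request(author: str, body: str, store) -> tuple:
    """Store a comment via the (hypothetical) store callback and render the result."""
    try:
        store(author, body)
        return 200, render_comment(author, body)
    except Exception as exc:
        return 500, render_error(exc)


if __name__ == "__main__":
    # Constructed sample input containing markup characters.
    print(handle_request('al"ice', "<b>hello</b> & goodbye", lambda a, b: None))

    def failing_store(author, body):
        # Constructed failure whose message contains internal detail.
        raise RuntimeError("connect to db01.internal:5432 failed for user app_rw")

    print(handle_request("alice", "hi", failing_store))
```

`html.escape` covers HTML element content and quoted attribute values; data placed in other contexts (script blocks, URLs, CSS) needs the encoder for that context.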