This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Summit 2011 Working Sessions/Session009/Deliverable 3

Jump to: navigation, search

Deliverable 3

White paper or standard for what we want the web frameworks to provide in terms of XSS defenses. Turning the XSS Prevention Cheat Sheet into a standard/metric for frameworks would be great.

To be filled in.

I'm remote, but just wanted to suggest that Content Security Policy is a significantly game changing technology that it should be discussed also. For CSP to be effective, the Unobtrusive Javascript paradigm must be adopted by the frameworks. This should be part of any recomendation produced by this body.