This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Talk:Cross-site Scripting (XSS)"
From OWASP
(add XSS using Script Via Encoded URI Schemes) |
|||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
== XSS using Script Via Encoded URI Schemes == | == XSS using Script Via Encoded URI Schemes == | ||
The page mentions XSS using Script Via Encoded URI Schemes, but what are the ways to prevent that? I don't see any matching rule in the cheat sheet. Can some library help? I'm personally interested in a PHP library. | The page mentions XSS using Script Via Encoded URI Schemes, but what are the ways to prevent that? I don't see any matching rule in the cheat sheet. Can some library help? I'm personally interested in a PHP library. | ||
+ | |||
+ | This page is also lacking other XSS vectors, such as CRLF Injection. I (Michael Brooks) would like to add this if there are no objections. |
Latest revision as of 04:50, 30 August 2011
XSS using Script Via Encoded URI Schemes
The page mentions XSS using Script Via Encoded URI Schemes, but what are the ways to prevent that? I don't see any matching rule in the cheat sheet. Can some library help? I'm personally interested in a PHP library.
This page is also lacking other XSS vectors, such as CRLF Injection. I (Michael Brooks) would like to add this if there are no objections.