Talk:Cross-site Scripting (XSS)

Revision as of 04:50, 30 August 2011 by Michael Brooks (talk | contribs)

XSS using Script Via Encoded URI Schemes

The page mentions XSS using Script Via Encoded URI Schemes, but what are the ways to prevent that? I don't see any matching rule in the cheat sheet. Can some library help? I'm personally interested in a PHP library.

This page is also lacking other XSS vectors, such as CRLF Injection. I (Michael Brooks) would like to add this if there are no objections.