
By bloid
via codinghorror.com
Published: Sep 25 2008 / 05:32

As the web becomes more and more pervasive, so do web-based security vulnerabilities. I talked a little bit about the most common web vulnerability, cross-site scripting, in Protecting Your Cookies: HttpOnly. Although XSS is incredibly dangerous, it's a fairly straightforward exploit to understand. Do not allow users to insert arbitrary HTML on your site. The name of the XSS game is sanitizing user input. If you stick to a whitelist-based approach -- only allow input that you know to be good, and immediately discard anything else -- then you're usually well on your way to solving any XSS problems you might have.