jim.manico at owasp.org
Wed Aug 18 02:30:06 EDT 2010
encoding in a way that is easy to communicate to a mass audience. Abe Kang
has been kind enough to talk me through these issues.
explanation/documentation, and the ESAPI for JS project needs to be
integrated in the XSS Cheatsheet more. Abe thinks there are at least 5 new
XSS Cheatsheet rules specific to DOM XSS - and we will be working on it over
the next few weeks. I love this stuff - the rabbit hole never ends. :)
So for starters, we edited rule #3 of the XSS Cheatsheet to briefly discuss
Try this little chunk of JSP out. Run this in Chrome, so you can kill the
never-ending popup easily.
you Beef');") %>');
Are we on the right track?