[Esapi-user] The AJAX issue

Jim Manico jim.manico at owasp.org
Tue Jun 28 08:38:29 EDT 2011


Output Encoding and using safe workflow/functions in JS.

https://www.owasp.org/index.php/DOM_based_XSS_Prevention_Cheat_Sheet

Jim Manico

On Jun 28, 2011, at 7:30 AM, Normando Macaraeg <nmacaraeg at jaspersoft.com> wrote:

> Hi,
> 
> I don't understand how AJAX complicates input validation/output encoding.
> 
> In the ESAPI book, it says "Ajax and other “rich” applications are complicating this situation."
> 
> The way I see it, even though it's AJAX, it still hits the server as a request, and all requests can be validated.  So where's the complication?
> 
> --norm--
> _______________________________________________
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-user
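
Added example, not part of the original thread: the reply above points at output encoding done in JavaScript, so this sketch shows data that is acceptable free text to a server-side validator being placed into markup by client-side code, first by plain concatenation and then with context-specific encoding. The function names and the sample response are hypothetical and constructed for illustration; they are not ESAPI's API.

```javascript
// Constructed sample: JSON as it might arrive in an AJAX response. Both fields
// are plausible free text, so request validation alone does not make them safe
// to drop into HTML that the browser builds on the client.
const ajaxResponse = JSON.stringify({
  author: 'norm" onmouseover="x',
  comment: '<img src=x onerror=alert(1)> 2 < 3',
});

// Encode for an HTML element body: the significant characters plus "/".
function encodeForHTML(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;', '/': '&#x2F;' };
  return String(value).replace(/[&<>"'\/]/g, (c) => map[c]);
}

// Encode for a quoted HTML attribute value: every non-alphanumeric
// code point becomes a hex entity (&#xHH;).
function encodeForHTMLAttribute(value) {
  return Array.from(String(value), (ch) =>
    /^[A-Za-z0-9]$/.test(ch) ? ch : '&#x' + ch.codePointAt(0).toString(16).toUpperCase() + ';'
  ).join('');
}

// Unsafe workflow: response data concatenated into a string meant for innerHTML.
function renderUnsafe(json) {
  const d = JSON.parse(json);
  return '<div title="' + d.author + '">' + d.comment + '</div>';
}

// Safe workflow: each value is encoded for the context it lands in.
// (In a browser, assigning to textContent or calling setAttribute avoids
// HTML parsing of the value altogether.)
function renderSafe(json) {
  const d = JSON.parse(json);
  return '<div title="' + encodeForHTMLAttribute(d.author) + '">' +
    encodeForHTML(d.comment) + '</div>';
}

console.log(renderUnsafe(ajaxResponse)); // markup and attribute break out of context
console.log(renderSafe(ajaxResponse));   // same data, inert
```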

