[Owasp-leaders] Abridged XSS Cheat Sheet

psiinon psiinon at gmail.com
Wed Nov 16 04:16:03 EST 2011


Looks great, and I think its exactly what OWASP should be producing.
It shouldnt claim to be 'all you need to know' about XSS, but it doesnt so
thats not a problem.
Its short, sweet, to the point, very useful and has links to more info.
So I strongly support this.

You could maybe stress that is just a summary / lookup table and that
people should look at the full XSS page for more info, but thats a very
minor point.



On Wed, Nov 16, 2011 at 3:09 AM, Jim Manico <jim.manico at owasp.org> wrote:

> Folks,
> I've been working on a different "view" of XSS Defense mechanism which
> I've posted here
> https://www.owasp.org/index.php/Abridged_XSS_Prevention_Cheat_Sheet
> My goal is to build a "traditional" short-form developer cheat sheet in
> the style of http://devcheatsheet.com
> This is an alternate view of
> https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
> I though this was a cool idea, but it's ruffling feathers and I've been
> asked specifically NOT to do this.
> Help please. :)
> Do you find this to be valuable?
> Do you think this undermines the work of the current XSS Prevention
> Cheat Sheet?
> Do you think one method is more/digestible than the other?
> Do you think both of these are of value?
> Any feedback is appreciated.
> --
> Jim Manico
> Connections Committee Chair
> Cheatsheet Series Product Manager
> OWASP Podcast Producer/Host
> jim at owasp.org
> www.owasp.org
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20111116/ab563748/attachment.html 

More information about the OWASP-Leaders mailing list