[Owasp-leaders] Query Parameterization Examples

Achim achim at owasp.org
Fri Nov 18 05:51:27 EST 2011


I was thinking about adding URL-encoding for HTTP headers,
but I'm not sure if this makes a lot of sense in an XSS Cheat Sheet.

Any thoughts?
Achim

On 17.11.2011 21:01, Jim Manico wrote:
> I was very specific in the abridged XSS Cheatsheet NOT to mention ESAPI
> and only talk about Encoding in a generic fashion.
> 
> https://www.owasp.org/index.php/Abridged_XSS_Prevention_Cheat_Sheet#Output_Encoding_Types
> 
> Anyone who can help make this encoding chart better, I'd be grateful for
> your help.
> 
> - Jim
> 
>> So how do you escape apart from using ESAPI???
>> À la the XSS cheatsheet fork???
>>
>> On 17 Nov 2011, at 18:59, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>> Hello,
>>>
>>> I'm putting together a "quick reference" page that shows how to do
>>> query parameterization in as many web languages as possible.
>>>
>>> I have Java and .NET covered, but if you have a good query
>>> parameterization code snippet in any other language, can you please
>>> send it my way? I'll be sure to publish all results on OWASP.org soon.
>>>
>>> Thanks all,
>>>
>>> --
>>> Jim Manico
>>> (808) 652-3805
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> 