[Owasp-leaders] Query Parameterization Examples

Abraham Kang abraham.kang at owasp.org
Fri Nov 18 11:47:11 EST 2011


You can do XSS with HTTP Header Injection, so I don't see why not.

Regards,
Abe

On Fri, Nov 18, 2011 at 2:51 AM, Achim <achim at owasp.org> wrote:

> I was thinking about adding URL-encoding for HTTP headers,
> but I'm not sure if this makes a lot of sense in an XSS Cheat Sheet.
>
> Any thoughts?
> Achim
>
> On 17.11.2011 21:01, Jim Manico wrote:
> > I was very specific in the abridged XSS Cheatsheet NOT to mention ESAPI
> > and only talk about Encoding in a generic fashion.
> >
> >
> > https://www.owasp.org/index.php/Abridged_XSS_Prevention_Cheat_Sheet#Output_Encoding_Types
> >
> > Anyone who can help make this encoding chart better, I'd be grateful for
> > your help.
> >
> > - Jim
> >
> >> So how do you escape apart from using ESAPI???
> >> À la the XSS cheat sheet fork???
> >>
> >>
> >>
> >>
> >> On 17 Nov 2011, at 18:59, Jim Manico <jim.manico at owasp.org> wrote:
> >>
> >>> Hello,
> >>>
> >>> I'm putting together a "quick reference" page that shows how to do
> >>> query parameterization in as many web languages as possible.
> >>>
> >>> I have Java and .NET covered, but if you have a good query
> >>> parameterization code snippet in any other language, can you please
> >>> send it my way? I'll be sure to publish all results on OWASP.org soon.
> >>>
> >>> Thanks all,
> >>>
> >>> --
> >>> Jim Manico
> >>> (808) 652-3805
> >>> _______________________________________________
> >>> OWASP-Leaders mailing list
> >>> OWASP-Leaders at lists.owasp.org
> >>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
> >
>
>
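Jim's request further up the thread asks for query parameterization snippets in languages other than Java and .NET. The following Python example is added here for this archive page; it is not code from the thread or from OWASP. It uses the standard-library sqlite3 driver against a constructed in-memory table, runs the same tautology payload through string concatenation and through placeholder binding, and adds the caveat practitioners most often miss: placeholders bind values only, so identifiers such as an ORDER BY column still need an allowlist (the SORTABLE_COLUMNS set and the sample rows are assumptions for the demo).

```python
import sqlite3

# Constructed sample data for the demo; not from the original thread.
SAMPLE_USERS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]

# Hypothetical allowlist of sortable columns. Placeholders cannot bind
# identifiers, so ORDER BY / table / column names need a separate control.
SORTABLE_COLUMNS = {"id", "name", "role"}


def make_db():
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_user_vulnerable(conn, name):
    """String concatenation: the caller's input becomes part of the SQL grammar."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_parameterized(conn, name):
    """Placeholder binding: the driver sends `name` as data, never as SQL text."""
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def find_user_named(conn, name):
    """Same protection with sqlite3's named-placeholder style, handy for long queries."""
    sql = "SELECT name, role FROM users WHERE name = :name"
    return conn.execute(sql, {"name": name}).fetchall()


def is_sortable_column(column):
    """Allowlist check for identifiers, which placeholders cannot protect."""
    return column in SORTABLE_COLUMNS


def list_users_sorted(conn, column):
    """ORDER BY takes an identifier, so validate it against the allowlist first."""
    if not is_sortable_column(column):
        raise ValueError("unsupported sort column: %r" % column)
    # Concatenation is acceptable here only because `column` passed the allowlist.
    sql = "SELECT name FROM users ORDER BY " + column
    return [row[0] for row in conn.execute(sql).fetchall()]


# Classic tautology payload: turns the WHERE clause into `name = 'x' OR '1'='1'`.
PAYLOAD = "x' OR '1'='1"


def demo():
    """Run the same payload through both query styles and return the row sets."""
    conn = make_db()
    return {
        "vulnerable": find_user_vulnerable(conn, PAYLOAD),        # every row leaks
        "parameterized": find_user_parameterized(conn, PAYLOAD),  # no such user
        "named": find_user_named(conn, "bob"),                    # normal lookup
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The concatenated query returns all three sample rows for the payload, while the bound query returns none because the driver looks for a user literally named `x' OR '1'='1`. The pattern carries over to other drivers with the placeholder syntax changed (`%s` for psycopg2 and MySQLdb, `$1` for asyncpg); the allowlist for identifiers is needed in every one of them.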
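Achim's question and Abe's reply concern URL-encoding values that land in HTTP headers. The following Python example is added for this archive page and is not code from the thread or from OWASP. It builds a redirect response from a constructed `next`-style parameter containing CR LF CR LF plus an HTML body, shows the raw response splitting into a second "header block" and a script-bearing body when the value is spliced in unchanged, and then shows the same value URL-encoded with `urllib.parse.quote` so the CR and LF stay inside the Location value as `%0D%0A`. The `URL_SAFE` character set and the strict control-character check are assumptions for the demo.

```python
from urllib.parse import quote

# Constructed attacker input for a `?next=` style redirect parameter: CRLF CRLF
# ends the header block early and smuggles an HTML body in after it.
PAYLOAD = "/home\r\n\r\n<script>alert(1)</script>"

# Characters allowed through unencoded in a URL-valued header. This set is an
# assumption for the demo; choose the set the specific header actually needs.
URL_SAFE = "/:?&=#"


def build_redirect_vulnerable(next_url):
    """Splice the value straight into a raw response (the bug)."""
    return "HTTP/1.1 302 Found\r\nLocation: " + next_url + "\r\n\r\n"


def build_redirect_encoded(next_url):
    """URL-encode the value so CR and LF become %0D and %0A inside the header value."""
    return "HTTP/1.1 302 Found\r\nLocation: " + quote(next_url, safe=URL_SAFE) + "\r\n\r\n"


def is_valid_header_value(value):
    """Strict reject-on-sight check: no control characters at all in a header value."""
    return all(0x20 <= ord(ch) < 0x7F for ch in value)


def split_response(raw):
    """Minimal parse of a raw response into (status line, header lines, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    return lines[0], lines[1:], body


def demo():
    """Return what a client would see for each way of building the response."""
    _, headers_v, body_v = split_response(build_redirect_vulnerable(PAYLOAD))
    _, headers_e, body_e = split_response(build_redirect_encoded(PAYLOAD))
    return {
        "vulnerable_headers": headers_v,   # only "Location: /home" survives
        "vulnerable_body": body_v,         # the injected <script> now sits in the body
        "encoded_headers": headers_e,      # one header, CR/LF neutralised as %0D%0A
        "encoded_body": body_e,            # empty, as a 302 should be
        "payload_passes_validation": is_valid_header_value(PAYLOAD),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(label, repr(value))
```

Percent-encoding is the right fix when the header carries a URL or a URL component, which is the case Achim raised; for headers that are not URLs, rejecting any value containing control characters (the `is_valid_header_value` check) is the simpler default. Most current HTTP libraries and servers already refuse CR/LF in header values, but the check still belongs in application code that assembles headers from request data.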