[Owasp-leaders] Sites that won't work without Javascript

Jim Manico jim.manico at owasp.org
Thu Dec 20 20:14:45 UTC 2012


Here is one OWASP attempt to help developers use JavaScript safely.

https://www.owasp.org/index.php/DOM_based_XSS_Prevention_Cheat_Sheet

I would love any help from the community to make this CS better.

Aloha,
Jim



> If we're going to advice people on JavaScript security we have to do it properly. Which in my book involves Secure EcmaScript (SES), EcmaScript 5 Strict Mode, using CORS instead of jsonp, JavaScript implications of using CSP, and probably a lot more along those lines.
> 
> JSLint has very little to do with security as far as I know. By the way, devs typically prefer JSHint these days.
> 
>    Regards, John
> 
> 
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 



More information about the OWASP-Leaders mailing list