[Owasp-topten] CSP in XSS

Dave Wichers dave.wichers at owasp.org
Tue May 28 23:04:54 UTC 2013


Dirk,

Thank you for your suggestion.

I made some minor tweaks to your original suggestion on the wiki, and have
made the matching change to the OWASP Top 10 document itself.

I also added a reference to the OWASP Java HTML Sanitizer Project as an
alternative to AntiSamy.

-Dave

-----Original Message-----
From: owasp-topten-bounces at lists.owasp.org
[mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Dirk Wetter
Sent: Tuesday, May 28, 2013 2:32 PM
To: owasp-topten at lists.owasp.org
Subject: [Owasp-topten] CSP in XSS


Hi folks,

I propose a minor change to the Top 10 list: CSP should be listed as a
countermeasure in the XSS section.

Please find the proposal in the wiki, hoping it'll be included in the final
version.


BR, Dirk



--
German OWASP Board, Conference Chair AppSec EU 2013
http://appsec.eu/       |                 @appseceu
skype://drwetter.de     |      tel:+49-40-2442035-1
_______________________________________________
Owasp-topten mailing list
Owasp-topten at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-topten


