[Owasp-topten] CSP in XSS

Jim Manico jim.manico at owasp.org
Wed May 29 01:56:31 UTC 2013


+1 Thank you for that, Dave.

--
Jim Manico
@Manicode
(808) 652-3805

On May 28, 2013, at 7:05 PM, Dave Wichers <dave.wichers at owasp.org> wrote:

> Dirk,
>
> Thank you for your suggestion.
>
> I made some minor tweaks to your original suggestion on the wiki, and have
> made the matching change to the OWASP Top 10 document itself.
>
> I also added a reference to the OWASP Java HTML Sanitizer Project as an
> alternative to AntiSamy.
>
> -Dave
>
> -----Original Message-----
> From: owasp-topten-bounces at lists.owasp.org
> [mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Dirk Wetter
> Sent: Tuesday, May 28, 2013 2:32 PM
> To: owasp-topten at lists.owasp.org
> Subject: [Owasp-topten] CSP in XSS
>
>
> Hi folks,
>
> I propose a minor change to the Top 10 list: CSP should be listed as a
> countermeasure in the XSS section.
>
> Please find the proposal in the wiki, hoping it'll be included in the final
> version.
>
>
> BR, Dirk
>
>
>
> --
> German OWASP Board, Conference Chair AppSec EU 2013
> http://appsec.eu/       |                 @appseceu
> skype://drwetter.de     |      tel:+49-40-2442035-1
> _______________________________________________
> Owasp-topten mailing list
> Owasp-topten at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-topten
>

