mirror/ctemplate
1
0
Fork 0
mirror of https://github.com/OlafvdSpek/ctemplate.git synced 2025-09-28 19:05:49 +08:00
Code Issues Releases Wiki Activity
1baad884af
ctemplate/doc/xss_resources.html
csilvers 6f7d6f6754 Tue Jan 24 16:00:51 2012 Google Inc. <google-ctemplate@googlegroups.com> 
* ctemplate: version 2.0 release
        * Changed the 'official' ctemplate email in setup.py/etc
        * Rewrote docs to refer to Ctemplate, not Google Template
        * Renamed google-ctemplate.sln to ctemplate.sln
        * Changed copyright text to reflect Google's relinquished ownership
2012-01-25 01:28:24 +00:00

72 lines
2.3 KiB
HTML
Raw Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Cross-Site Scripting Resources</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="designstyle.css" type="text/css" rel="stylesheet">
<style type="text/css">
<!--
ol.bluelist li {
color: #3366ff;
font-family: sans-serif;
}
ol.bluelist li p {
color: #000;
font-family: "Times Roman", times, serif;
}
ul.blacklist li {
color: #000;
font-family: "Times Roman", times, serif;
}
//-->
</style>
</head>
<body>
<h1> <a name="XSS_Resources"></a>Cross-Site Scripting Resources</h1>
<center><strong>Status: Current</strong> &nbsp;
<small>(as of 17 August 2006)</small></center>
<br>
<p>Cross-Site Scripting (commonly abbreviated as XSS) is a security
issue that arises when an attacker can cause client-side script (such as
JavaScript) of his or her choosing to execute within another user's
browser in the context of a given web-site or web-application. This may
allow the attacker to steal that user's session cookies for the
web-application in question, or otherwise manipulate that user's session
context.
<p>XSS vulnerabilities most often arise if a web-application renders
data that originated from an untrusted source (such as a query
parameter) in a HTML document without carefully validating or escaping
that data.
<p>The following online resources provide further information on XSS
vulnerabilities and how to avoid them:
<ul>
<li>The Open Web Application Security Project (OWASP) has an
<a
href="http://www.owasp.org/index.php/Cross_Site_Scripting">introductory
article</a> on XSS.
</li>
<li>In addition, the OWASP's <a
href="http://www.owasp.org/index.php/Category:OWASP_Guide_Project">Guide to Building Secure Web
Applications and Web Services</a> and the <a
href="http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project">"Top
Ten" Vulnerabilities</a> include sections on XSS.
</li>
<li>The CERT Coordination Center published <a
href="http://www.cert.org/tech_tips/malicious_code_mitigation.html">Understanding
Malicious Content Mitigation for Web Developers</a> and <a
href="http://www.cert.org/advisories/CA-2000-02.html">Advisory
CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests</a>.
</li>
</ul>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink