diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)

Apr012009

Reducing XSS with Auto-Escaping in Template Systems

Google security team has introduced Automatic Context-Aware Escaping (Auto-Escape for short), a functionality added to two Google-developed general purpose template systems to better protect against Cross-Site Scripting (XSS). Consider the simplified template below in which double curly brackets {{ and }} enclose placeholders (variables) that are replaced with run-time content, presumed unsafe. In this template, four variables are used: USER_NAME, USER_ACCOUNT_URL, USER_COLOR, USER_ID

Full Article

Share This Story, Choose Your Platform!

Do NOT follow this link or you will be banned from the site!