diTii.com Digital News Hub


Apr 01, 2009

Reducing XSS with Auto-Escaping in Template Systems

Google's security team has introduced Automatic Context-Aware Escaping (Auto-Escape for short), functionality added to two Google-developed general-purpose template systems to better protect against Cross-Site Scripting (XSS). Consider the simplified template below, in which double curly brackets {{ and }} enclose placeholders (variables) that are replaced with run-time content, presumed unsafe. In this template, four variables are used: USER_NAME, USER_ACCOUNT_URL, USER_COLOR and USER_ID.
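As an added illustration (not Google's code and not part of the original article), the Python sketch below shows why escaping has to depend on context: it places the four named variables in a constructed template, one per output context, and picks an escaper from the markup that precedes each placeholder. The template, the context assigned to each variable, the sample values and the helper names `context_of`, `escape` and `render` are all assumptions.

```python
import html
import re

# Constructed template (an assumption, not the article's own): the four
# placeholders it names, each placed in a different output context.
TEMPLATE = (
    '<span style="color:{{USER_COLOR}};">'
    'Hello {{USER_NAME}}, view your <a href="{{USER_ACCOUNT_URL}}">Account</a>.'
    '</span><script>var id = {{USER_ID}};</script>'
)
# Constructed hostile values, one per placeholder.
HOSTILE = {
    "USER_NAME": "<script>alert(1)</script>",
    "USER_ACCOUNT_URL": "javascript:alert(1)",
    "USER_COLOR": "red; background:url(javascript:alert(1))",
    "USER_ID": "1; alert(1)",
}

def context_of(prefix):
    """Classify the output context from the template text before a placeholder."""
    if prefix.rfind("<script") > prefix.rfind("</script"):
        return "js"
    if prefix.rfind("<") > prefix.rfind(">"):  # inside an open tag
        attr = re.search(r'([\w-]+)\s*=\s*"[^"]*$', prefix)
        name = attr.group(1).lower() if attr else ""
        return {"href": "url", "src": "url", "style": "css"}.get(name, "attr")
    return "html"

def escape(value, ctx):
    """Escape or validate a value for the context it lands in."""
    if ctx == "js":  # bare JS expression: only a numeric literal survives
        return value if re.fullmatch(r"-?\d+(\.\d+)?", value) else "null"
    if ctx == "css":  # simple colour names or hex values only
        return value if re.fullmatch(r"#?[A-Za-z0-9]+", value) else ""
    if ctx == "url":  # allowlist: absolute http(s) or site-relative paths
        ok = re.match(r"(?i)https?://|/", value)
        return html.escape(value, quote=True) if ok else "#"
    return html.escape(value, quote=True)  # HTML text and other attributes

def render(template, data):
    """Replace each {{NAME}} with its value, escaped for the surrounding context."""
    out, pos = [], 0
    for m in re.finditer(r"\{\{(\w+)\}\}", template):
        ctx = context_of(template[:m.start()])
        out += [template[pos:m.start()], escape(str(data.get(m.group(1), "")), ctx)]
        pos = m.end()
    return "".join(out) + template[pos:]

if __name__ == "__main__":
    print(render(TEMPLATE, HOSTILE))
```

The prefix heuristic in `context_of` only recognises double-quoted attributes and a single `<script>` block; it is enough for the constructed template but is not a general HTML parser.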
