Issue #438 - Improve XSS cheatsheet to address escape/encode confusion #449
I have changed the XSS prevention cheatsheet based on the discussion we had at issue #438.
Basically, I removed the word 'escape' where it does not follow the definition at https://owasp.org/www-project-proactive-controls/v3/en/c4-encode-escape-data.
I left a few references to 'escape' where I felt it follows the above definition.
Open for discussion.
This PR covers issue #438.