PragProg Customers

Release It! Second Edition: about Cross-Site Scripting (page 221)

rachelcarmena

rachelcarmena

Release It! Second Edition: about Cross-Site Scripting (page 221)

About “Cross-Site Scripting”:

Cross-site scripting (XSS) happens when a service renders a user’s input directly into HTML without applying input escaping.

I’d prefer “without applying input encoding”.

“escaping” and “encoding” could be used for the same purpose. Even OWASP talks about “encode/escape” in some pages. However, I’d prefer “encoding” because of this reason:

“Writing these encoders is not tremendously difficult, but there are quite a few hidden pitfalls. For example, you might be tempted to use some of the escaping shortcuts like " in JavaScript. However, these values are dangerous and may be misinterpreted by the nested parsers in the browser. You might also forget to escape the escape character, which attackers can use to neutralize your attempts to be safe. OWASP recommends using a security-focused encoding library to make sure these rules are properly implemented.”

Source: Cross Site Scripting Prevention - OWASP Cheat Sheet Series

View thread on forum
/book-release-it-second-edition#suggestion
0 585 0

Where Next?

View thread on forum
View Release It Second Edition's book portal
Post errata for this book
Post a suggestion for this book
Post a question about this book
Post a review about this book
Home PragProg Customers
/book-release-it-second-edition#suggestion
0 585 0
Last post

Popular Pragmatic Bookshelf topics Top

iPaul
PragProg Customers

The Definitive ANTLR 4 Reference: Program deprecation warning
page 37 ANTLRInputStream input = new ANTLRInputStream(is); as of ANTLR 4 .8 should be: CharStream stream = CharStreams.fromStream(i...
#errata/book-the-definitive-antlr-4-reference
4 987 0
New
belgoros
PragProg Customers

Effective Testing with RSpec 3: Running Sequel migrations fails (page 84)
Following the steps described in Chapter 6 of the book, I’m stuck with running the migration as described on page 84: bundle exec sequel...
#errata/book-effective-testing-with-rspec-3
4 1152 1
New
edruder
PragProg Customers

Docker for Rails Developers: Notes for Rails 6.1, Ruby 2.7.2
I thought that there might be interest in using the book with Rails 6.1 and Ruby 2.7.2. I’ll note what I needed to do differently here. ...
/book-docker-for-rails-developers
9 1177 1
New
raul
PragProg Customers

Distributed Services with Go: Chapter 3 suggestions
Page 28: It implements io.ReaderAt on the store type. Sorry if it’s a dumb question but was the io.ReaderAt supposed to be io.ReadAt? ...
#errata/book-distributed-services-with-go
0 1302 3
New
gilesdotcodes
PragProg Customers

Modern CSS with Tailwind: setting up Rails app
In case this helps anyone, I’ve had issues setting up the rails source code. Here were the solutions: In Gemfile, change gem 'rails' t...
#errata/book-modern-css-with-tailwind
3 1278 2
New
brian-m-ops
PragProg Customers

Python Testing with pytest, Second Edition: cards pip install error (page 12)
#book-python-testing-with-pytest-second-edition Hi. Thanks for writing the book. I am just learning so this might just of been an issue ...
#errata/book-python-testing-with-pytest-second-edition
4 1191 3
New
tkhobbes
PragProg Customers

Modern Front-End Development for Rails - application does not start after run bin/setup (page xviii)
After some hassle, I was able to finally run bin/setup, now I have started the rails server but I get this error message right when I vis...
#errata/book-modern-front-end-development-for-rails
0 1461 5
New
redconfetti
PragProg Customers

Docker for Rails Developers - 'docker-machine' command deprecated (page 156)
Docker-Machine became part of the Docker Toolbox, which was deprecated in 2020, long after Docker Desktop supported Docker Engine nativel...
/book-docker-for-rails-developers#suggestion
0 896 0
New
gorkaio
PragProg Customers

Programming Phoenix LiveView: PentoWeb.LayoutView errata (56)
root_layout: {PentoWeb.LayoutView, :root}, This results in the following following error: no “root” html template defined for PentoWeb...
#errata/book-programming-phoenix-liveview
8 1094 4
New
dachristenson
PragProg Customers

Kotlin and Android Development featuring Jetpack: Transformations class doesn't seem to exist anymore (pp. 140-141
@mfazio23 Android Studio will not accept anything I do when trying to use the Transformations class, as described on pp. 140-141. Googl...
#errata/book-kotlin-and-android-development-featuring-jetpack
0 2155 5
New

Other popular topics Top

Devtalk
General Dev>Dev Chat

HELLO WORLD (Introductions thread!)
Hello Devtalk World! Please let us know a little about who you are and where you’re from :nerd_face:
#community
481 6762 116
New
dasdom
General Dev>Dev Chat

Standing Desks
No chair. I have a standing desk. This post was split into a dedicated thread from our thread about chairs :slight_smile:
#workspace#opinions
177 9886 77
New
brentjanderson
General Dev>Hardware

Moonlander Keyboard (Mechanical) (Ergonomic) (Split) (Ortholinear)
Bought the Moonlander mechanical keyboard. Cherry Brown MX switches. Arms and wrists have been hurting enough that it’s time I did someth...
#hardware/keyboards#moonlander#mechanical-keyboards#ortholinear#ergonomic
212 17779 90
New
DevotionGeo
General Dev>Code Editors

Dendron: a personal knowledge management tool on top of VSCode
/vscode#visual-studio-code
30 7372 9
New
AstonJ
General Dev>Hardware

Planck vs Preonic vs Subatomic (Keyboards)
I ended up cancelling my Moonlander order as I think it’s just going to be a bit too bulky for me. I think the Planck and the Preonic (o...
/keyboards#mechanical-keyboards#ortholinear#planck#preonic
105 17596 47
New
AstonJ
General Dev>Hardware

GMK Serika Keycaps - Serika 2 available to order now!
I have seen the keycaps I want - they are due for a group-buy this week but won’t be delivered until October next year!!! :rofl: The Ser...
/keyboards#keycaps#mechanical-keyboards
9 5097 7
New
AstonJ
General Dev>Hardware

BIIP MT3 Extended 2048 Custom Keycap Set (Drop)
This looks like a stunning keycap set :orange_heart: A LEGENDARY KEYBOARD LIVES ON When you bought an Apple Macintosh computer in the e...
/keyboards#apple#keycaps#mechanical-keyboards
14 6713 7
New
PragmaticBookshelf
Frontend>Learning Resources

Modern CSS with Tailwind
Tailwind CSS is an exciting new CSS framework that allows you to design your site by composing simple utility classes to create complex e...
pragprog.com
#pragprog/tailwind#published-book/book-modern-css-with-tailwind
12 5813 4
New
Margaret
General Dev>Sales

Get 50% off these PragProg books during our Think Again Sale
Think Again 50% Off Sale » The theme of this sale is new perspectives on familiar topics. Enter coupon code ThinkAgain2021 at checkout t...
#community#pragprog/elixir/book-a-common-sense-guide-to-data-structures-and-algorithms-second-edition/book-programming-machine-learning/book-the-ray-tracer-challenge/book-forge-your-future-with-open-source/book-software-design-x-rays#algorithms/book-testing-elixir#machine-learning#sale/book-concurrent-data-processing-in-elixir/book-intuitive-python
8 6415 2
New
AstonJ
AI>Chat

How to: Run DeepSeek on Mac, Windows, and Linux!
This is a very quick guide, you just need to: Download LM Studio: https://lmstudio.ai/ Click on search Type DeepSeek, then select the o...
#macs/deepseek#guides#lm-studio
14 9328 10
New
Back to top

Latest in Release It! Second Edition

Release It! Second Edition Portal

PragProg Customers

Pragmatic Bookshelf PragProg Customers

Latest on Devtalk

Devtalk

We ❤️ helpful members!

We reward our most helpful members via our MOTM scheme - by giving away a whopping 25 books per year!

Member of the Month

Devtalk Sponsors

Pragmatic Bookshelf

Practical resources that improve the lives of professional developers.

Erlang Solutions

We build trusted fault-tolerant systems that scale to billions of users.

Honeybadger

Real-time error tracking, performance insights, and observability for devs.

EEF

Supporting innovation across the BEAM ecosystem.

coders51

We build reliable cloud platforms for business-critical systems.

Manning Publications

Develop your skills with books, videos, and courses.

AppSignal

Catch errors, track performance, monitor hosts and more.

WyeWorks

Enabling companies to succeed by building software people love.

Pragmatic Studio

Courses that move you from confusion to "Aha, now I get it!"

Linux New Media

Publishing Linux Magazine, ADMIN, and MakerSpace for 25+ years.

View all our sponsors ❯

Categories:

Sub Categories:

Popular Portals

Devtalk Sponsors

Pragmatic Bookshelf

Practical resources that improve the lives of professional developers.

Erlang Solutions

We build trusted fault-tolerant systems that scale to billions of users.

Honeybadger

Real-time error tracking, performance insights, and observability for devs.

EEF

Supporting innovation across the BEAM ecosystem.

coders51

We build reliable cloud platforms for business-critical systems.

Manning Publications

Develop your skills with books, videos, and courses.

AppSignal

Catch errors, track performance, monitor hosts and more.

WyeWorks

Enabling companies to succeed by building software people love.

Pragmatic Studio

Courses that move you from confusion to "Aha, now I get it!"

Linux New Media

Publishing Linux Magazine, ADMIN, and MakerSpace for 25+ years.

View all our sponsors ❯

We're in Beta

About us Mission Statement See our Roadmap