rachelcarmena

Release It! Second Edition: about Cross-Site Scripting (page 221)

About “Cross-Site Scripting”:

Cross-site scripting (XSS) happens when a service renders a user’s input directly into HTML without applying input escaping.

I’d prefer “without applying input encoding”.

“escaping” and “encoding” could be used for the same purpose. Even OWASP talks about “encode/escape” in some pages. However, I’d prefer “encoding” because of this reason:

“Writing these encoders is not tremendously difficult, but there are quite a few hidden pitfalls. For example, you might be tempted to use some of the escaping shortcuts like " in JavaScript. However, these values are dangerous and may be misinterpreted by the nested parsers in the browser. You might also forget to escape the escape character, which attackers can use to neutralize your attempts to be safe. OWASP recommends using a security-focused encoding library to make sure these rules are properly implemented.”

Source: Cross Site Scripting Prevention - OWASP Cheat Sheet Series

View thread on forum

/book-release-it-second-edition #suggestion

0 585 0

2021-09-05 16:50:24 UTC

Where Next?

View thread on forum

View Release It Second Edition's book portal

Post errata for this book

Post a suggestion for this book

Post a question about this book

Post a review about this book

Home PragProg Customers

/book-release-it-second-edition #suggestion

0 585 0

Last post

Popular Pragmatic Bookshelf topics

PragProg Customers

Distributed Services With Go - gogoproto on linux

page 20: … protoc command… I had to additionally run the following go get commands in order to be able to compile protobuf code using go...

#errata /book-distributed-services-with-go

14 2953 7

2020-10-16 05:21:10 UTC

New

PragProg Customers

Python Testing with pytest: pytest now requires markers to be declared (downloadable code)

Many tasks_proj/tests directories exist in chapters 2, 3, 5 that have tests that use the custom markers smoke and get, which are not decl...

#errata /book-python-testing-with-pytest

2 1383 2

2021-02-16 14:15:02 UTC

New

PragProg Customers

The Ray Tracer Challenge: "Computing the normal on a transformed sphere" ebook test

Hi Jamis, I think there’s an issue with a test on chapter 6. I own the ebook, version P1.0 Feb. 2019. This test doesn’t pass for me: ...

#errata /book-the-ray-tracer-challenge

10 1461 5

2025-01-13 14:42:44 UTC

New

PragProg Customers

Programming Phoenix LiveView: errata and remarks Version B2.0

The generated iex result below should list products instead of product for the metadata. (page 67) iex> product = %Product{} %Pento....

#errata /book-programming-phoenix-liveview

0 1800 20

2021-03-23 10:33:03 UTC

New

PragProg Customers

Python Testing with pytest, Second Edition: unrecognized arguments error (page 122)

When I run the coverage example to report on missing lines, I get: pytest --cov=cards --report=term-missing ch7 ERROR: usage: pytest [op...

#errata /book-python-testing-with-pytest-second-edition

0 4000 1

2021-12-03 05:36:38 UTC

New

PragProg Customers

Programming Phoenix LiveView: book not updated to version 1.6 (p. 18)

In general, the book isn’t yet updated for Phoenix version 1.6. On page 18 of the book, the authors indicate that an auto generated of ro...

#errata /book-programming-phoenix-liveview

9 2051 12

2022-02-08 11:31:40 UTC

New

PragProg Customers

Agile Web Development with Rails 7: page 113 - Seeing the list of products

I’m a newbie to Rails 7 and have hit an issue with the bin/Dev script mentioned on pages 112-113. Iteration A1 - Seeing the list of prod...

#question /book-agile-web-development-with-rails-7

0 2631 9

2024-01-06 20:36:27 UTC

New

PragProg Customers

Kotlin and Android Development featuring Jetpack: allprojects should be moved to settings.gradle (page 245)

The allprojects block listed on page 245 produces the following error when syncing gradle: “org.gradle.api.GradleScriptException: A prob...

#suggestion /book-kotlin-and-android-development-featuring-jetpack

1 2304 1

2022-02-26 23:52:12 UTC

New

PragProg Customers

Hands on Rust: Need help with error - thread 'main' panicked at 'Failed to load texture

Hi, I need some help, I’m new to rust and was learning through your book. but I got stuck at the last stage of distribution. Whenever I t...

#question /book-hands-on-rust

3 1989 5

2022-12-03 00:17:31 UTC

New

PragProg Customers

Kotlin and Android Development featuring Jetpack: End Ch. 11 app runs but consistently crashes

I’ve got to the end of Ch. 11, and the app runs, with all tabs displaying what they should – at first. After switching around between St...

#question /book-kotlin-and-android-development-featuring-jetpack

0 936 8

2024-01-05 05:43:55 UTC

New

Other popular topics

Linux>Questions

AMD or Intel for Programming with Linux as the OS?

I am thinking in building or buy a desktop computer for programing, both professionally and on my free time, and my choice of OS is Linux...

#mobile #android #web-development #linux #desktop-computer #mobile-development

36 6006 10

2020-07-12 20:50:05 UTC

New

General Dev>Hardware

What monitor(s) do you have for programming?

Please tell us what is your preferred monitor setup for programming(not gaming) and why you have chosen it. Does your monitor have eye p...

#monitors #coding #programming #development

227 11362 88

2022-02-01 12:02:08 UTC

New

General Dev>Dev Chat

Which language or framework do you want to learn next?

Curious to know which languages and frameworks you’re all thinking about learning next :upside_down_face: Perhaps if there’s enough peop...

#community #learning

243 6639 97

2025-12-01 07:17:12 UTC

New

General Dev>Hardware

Keyboard thock (sound)

I’ve been hearing quite a lot of comments relating to the sound of a keyboard, with one of the most desirable of these called ‘thock’, he...

/keyboards #mechanical-keyboards

14 11197 8

2020-11-11 11:59:23 UTC

New

General Dev>Hardware

GMK Serika Keycaps - Serika 2 available to order now!

I have seen the keycaps I want - they are due for a group-buy this week but won’t be delivered until October next year!!! :rofl: The Ser...

/keyboards #keycaps #mechanical-keyboards

9 5097 7

2020-12-05 21:32:30 UTC

New

Frontend>Learning Resources

Modern CSS with Tailwind

Tailwind CSS is an exciting new CSS framework that allows you to design your site by composing simple utility classes to create complex e...

pragprog.com

#pragprog /tailwind #published-book /book-modern-css-with-tailwind

12 5813 4

2021-05-13 14:50:23 UTC

New

General Dev>Sales

Get 50% off these PragProg books during our Think Again Sale

Think Again 50% Off Sale » The theme of this sale is new perspectives on familiar topics. Enter coupon code ThinkAgain2021 at checkout t...

#community #pragprog /elixir /book-a-common-sense-guide-to-data-structures-and-algorithms-second-edition /book-programming-machine-learning /book-the-ray-tracer-challenge /book-forge-your-future-with-open-source /book-software-design-x-rays #algorithms /book-testing-elixir #machine-learning #sale /book-concurrent-data-processing-in-elixir /book-intuitive-python

8 6415 2

2021-05-11 23:06:15 UTC

New

Community>In The Spotlight

Spotlight: Rebecca Skinner (Author) Interview and AMA!

Author Spotlight Rebecca Skinner @RebeccaSkinner Welcome to our latest author spotlight, where we sit down with Rebecca Skinner, auth...

#author-spotlight /haskell /book-effective-haskell

106 11719 28

2022-11-16 10:29:37 UTC

New

General Dev>Questions

Do you prefer regular mechanical keyboards or low profile mechanical keyboards and why?

I have always used antique keyboards like Cherry MX 1800 or Cherry MX 8100 and almost always have modified the switches in some way, like...

/keyboards #mechanical-keyboards

27 3877 9

2023-02-06 21:10:15 UTC

New

Backend>Official News

Node.js v22.14.0 released!

Node.js v22.14.0 has been released. Link: Release 2025-02-11, Version 22.14.0 'Jod' (LTS), @aduh95 · nodejs/node · GitHub

github.com

/nodejs #official-news

0 4251 0

2025-02-11 15:30:14 UTC

New

Back to top

Latest in Release It! Second Edition

Typo in client connection diagram (page 174)

PragProg Customers

Please elaborate on block threads could be jettisoned, instead of making the external integra calls (page 27)

PragProg Customers

Tcp errors

PragProg Customers

Wrong number of tcp connections (page 55)

PragProg Customers

About adaptation (page 323)

PragProg Customers

About breaking api changes (page 268)

PragProg Customers

About deploy like the pros (page 261)

PragProg Customers

About relational database schemata (page 250)

PragProg Customers

About cross-site scripting (page 221)

PragProg Customers

About unbounded result sets (page 88)

PragProg Customers

Another relation between faults, errors and failures (page 29)

PragProg Customers

Release it! second edition - typo (page 294)

PragProg Customers

Release It! Second Edition (PragProg)

General Dev>Learning Resources

Release It! Second Edition Portal ❯

PragProg Customers

Genetic Algorithms in Elixir: Error in task script from ch11 page 180 ebook version 1.0.2

PragProg Customers

High Performance PostgreSQL for Rails: Off-by-one length bug in `SCRUB_EMAIL` (page 52)

PragProg Customers

Advanced Functional Programming with Elixir: Compilation error in file lib/fun_park/ride/fast_lane.ex:73:32:

PragProg Customers

Rust Brain Teasers: Puzzle 10 page 40 Chi

PragProg Customers

Programming Elixir >= 1.6 Errata

PragProg Customers

Programming Clojure, Fourth Edition: tail recursion (suggestion, page 42)

PragProg Customers

Programming Clojure, Fourth Edition: Fallthough for cond (p. 41, suggestion)

PragProg Customers

Programming Clojure, Fourth Edition: Access static methods (page 38)

PragProg Customers

Programming Clojure, Fourth Edition: disambiguation comment (page 38)

PragProg Customers

Programming Clojure, Fourth Edition: empty box (page 24)

PragProg Customers

Pragmatic Bookshelf PragProg Customers ❯

Latest on Devtalk

The Cost of Delegation

AI>Blogs/Talks

Grammarly pulls AI author-impersonation tool after backlash

AI>In The News

Anthropic’s Claude AI can respond with charts, diagrams, and other visuals now

AI>In The News

Google Chrome is coming to Arm-powered Linux devices later this year

Linux>In The News

Nova v0.13.10 released!

Backend>Official News

Quarkus 3.34.0.CR1 released!

Backend>Official News

Spring v6.2.17 released!

Backend>Official News

FreeCAD: Your own 3D parametric modeler

General Dev>In The News

A Beginner’s Guide to Split Keyboards

General Dev>In The News

An AI Agent Published a Hit Piece on Me – The Operator Came Forward

AI>In The News

Consistency diffusion language models: Up to 14x faster inference without sacrificing quality

AI>In The News

Apple's MacBook Neo makes repairs easier and cheaper than other MacBooks

macOS>In The News

Looking for a Partner to help lead our small Indie Studio (Rev-Share)

Game Dev>Jobs

Erlang OTP-28.4.1 and OTP-27.3.4.9 released!

Backend>Official News

Sprites on the Web

General Dev>In The News

We ❤️ helpful members!

We reward our most helpful members via our MOTM scheme - by giving away a whopping 25 books per year!

Member of the Month

Categories:

Sub Categories:

We're in Beta

About us Mission Statement See our Roadmap