PragProg Customers

Release It! Second Edition: about Cross-Site Scripting (page 221)

rachelcarmena

rachelcarmena

Release It! Second Edition: about Cross-Site Scripting (page 221)

About “Cross-Site Scripting”:

Cross-site scripting (XSS) happens when a service renders a user’s input directly into HTML without applying input escaping.

I’d prefer “without applying input encoding”.

“escaping” and “encoding” could be used for the same purpose. Even OWASP talks about “encode/escape” in some pages. However, I’d prefer “encoding” because of this reason:

“Writing these encoders is not tremendously difficult, but there are quite a few hidden pitfalls. For example, you might be tempted to use some of the escaping shortcuts like " in JavaScript. However, these values are dangerous and may be misinterpreted by the nested parsers in the browser. You might also forget to escape the escape character, which attackers can use to neutralize your attempts to be safe. OWASP recommends using a security-focused encoding library to make sure these rules are properly implemented.”

Source: Cross Site Scripting Prevention - OWASP Cheat Sheet Series

View thread on forum
/book-release-it-second-edition#suggestion
0 585 0

Where Next?

View thread on forum
View Release It Second Edition's book portal
Post errata for this book
Post a suggestion for this book
Post a question about this book
Post a review about this book
Home PragProg Customers
/book-release-it-second-edition#suggestion
0 585 0
Last post

Popular Pragmatic Bookshelf topics Top

jamis
PragProg Customers

The Ray Tracer Challenge: various errata
The following is cross-posted from the original Ray Tracer Challenge forum, from a post by garfieldnate. I’m cross-posting it so that the...
#errata/book-the-ray-tracer-challenge
4 2434 3
New
jeremyhuiskamp
PragProg Customers

Web Development with Clojure, Third Edition (vB17.0): create table syntax invalid
Title: Web Development with Clojure, Third Edition, vB17.0 (p9) The create table guestbook syntax suggested doesn’t seem to be accepted ...
#errata/book-web-development-with-clojure-third-edition
0 1835 1
New
frasette
PragProg Customers

A Common-Sense Guide to Data Structures and Algorithms, Second Edition: erroneous extra space complexity (page400)
A Common-Sense Guide to Data Structures and Algorithms, Second Edition by Jay Wengrow @jaywengrow Hi, I have the paperback version of t...
#errata/book-a-common-sense-guide-to-data-structures-and-algorithms-second-edition
4 1180 2
New
adamwoolhether
PragProg Customers

Distributed Services with Go: receiving Unknown flag: --go_opt when compiling protobuf (page 20)
When trying to generate the protobuf .go file, I receive this error: Unknown flag: --go_opt libprotoc 3.12.3 MacOS 11.3.1 Googling ...
/book-distributed-services-with-go
0 4924 3
New
jskubick
PragProg Customers

Kotlin and Android Development featuring Jetpack: SwitchCompat's thumbTint and trackTint being ignored (page 76)
I think I might have found a problem involving SwitchCompat, thumbTint, and trackTint. As entered, the SwitchCompat changes color to hol...
#errata/book-kotlin-and-android-development-featuring-jetpack
0 2749 2
New
hgkjshegfskef
PragProg Customers

The Ray Tracer Challenge: cannot pass scaling test (page 69-70)
The test is as follows: Scenario: Intersecting a scaled sphere with a ray Given r ← ray(point(0, 0, -5), vector(0, 0, 1)) And s ← sphere...
#question/book-the-ray-tracer-challenge
1 1093 4
New
brunogirin
PragProg Customers

Python Testing with pytest, Second Edition: unrecognized arguments error (page 122)
When I run the coverage example to report on missing lines, I get: pytest --cov=cards --report=term-missing ch7 ERROR: usage: pytest [op...
#errata/book-python-testing-with-pytest-second-edition
0 4000 1
New
brunogirin
PragProg Customers

Python Testing with pytest, Second Edition: InterpreterNotFound error when running tox (page 150)
When running tox for the first time, I got the following error: ERROR: InterpreterNotFound: python3.10 I realised that I was running ...
#errata/book-python-testing-with-pytest-second-edition
0 1306 1
New
taguniversalmachine
PragProg Customers

Real-Time Phoenix: ProductChannelTest - undefined function describe/2 (pg 203)
Hi, I am getting an error I cannot figure out on my test. I have what I think is the exact code from the book, other than I changed “us...
#question/book-real-time-phoenix
0 1775 6
New
bdarla
PragProg Customers

SQL Antipatterns, Volume 1: Volume 2?
Is there any plan for volume 2? :slight_smile:
#question/book-sql-antipatterns-volume-1
4 673 3
New

Other popular topics Top

AstonJ
General Dev>Hardware

Which keyboard do you have?
If it’s a mechanical keyboard, which switches do you have? Would you recommend it? Why? What will your next keyboard be? Pics always w...
#hardware/keyboards#sticky#mechanical-keyboards
144 9115 50
New
PragmaticBookshelf
General Dev>Learning Resources

A Common-Sense Guide to Data Structures and Algorithms, Second Edition
Algorithms and data structures are much more than abstract concepts. Mastering them enables you to write code that runs faster and more e...
pragprog.com
#pragprog/python/ruby#published-book/book-a-common-sense-guide-to-data-structures-and-algorithms-second-edition#math#algorithms/js
19 6022 5
New
PragmaticBookshelf
Game Dev>Learning Resources

The Ray Tracer Challenge
Brace yourself for a fun challenge: build a photorealistic 3D renderer from scratch! In just a couple of weeks, build a ray tracer that r...
pragprog.com
#pragprog#published-book/book-the-ray-tracer-challenge#algorithms
3 6115 0
New
PragmaticBookshelf
Backend>Learning Resources

Testing Elixir
Write Elixir tests that you can be proud of. Dive into Elixir’s test philosophy and gain mastery over the terminology and concepts that u...
pragprog.com
#pragprog/elixir#published-book/book-testing-elixir
33 5004 8
New
PragmaticBookshelf
Game Dev>Learning Resources

Apple Game Frameworks and Technologies
Design and develop sophisticated 2D games that are as much fun to make as they are to play. From particle effects and pathfinding to soci...
pragprog.com
#pragprog#ios#game-dev#macos/swift#published-book#apple/book-apple-game-frameworks-and-technologies
30 7995 10
New
AstonJ
General Dev>Hardware

Custom keyboard keycaps
There’s a whole world of custom keycaps out there that I didn’t know existed! Check out all of our Keycaps threads here: https://forum....
#hardware/keyboards#keycaps#mechanical-keyboards
15 11086 19
New
AstonJ
General Dev>Hardware

Planck vs Preonic vs Subatomic (Keyboards)
I ended up cancelling my Moonlander order as I think it’s just going to be a bit too bulky for me. I think the Planck and the Preonic (o...
/keyboards#mechanical-keyboards#ortholinear#planck#preonic
105 17596 47
New
AstonJ
Backend>Chat

How to install Ruby 3 with ASDF
In case anyone else is wondering why Ruby 3 doesn’t show when you do asdf list-all ruby :man_facepalming: do this first: asdf plugin-upd...
/ruby#asdf
11 5961 4
New
AstonJ
Backend>Chat

Rails console using 100% CPU in dev (fix)
If you are experiencing Rails console using 100% CPU on your dev machine, then updating your development and test gems might fix the issu...
/ruby/rails
3 4188 3
New
First poster: CommunityNews
AI>In The News

How to fix the eyes in AI-generated images
aidemos.info
0 4508 0
New
Back to top

Latest in Release It! Second Edition

Release It! Second Edition Portal

PragProg Customers

Pragmatic Bookshelf PragProg Customers

Latest on Devtalk

Devtalk

We ❤️ helpful members!

We reward our most helpful members via our MOTM scheme - by giving away a whopping 25 books per year!

Member of the Month

Devtalk Sponsors

Pragmatic Bookshelf

Practical resources that improve the lives of professional developers.

Erlang Solutions

We build trusted fault-tolerant systems that scale to billions of users.

Honeybadger

Real-time error tracking, performance insights, and observability for devs.

EEF

Supporting innovation across the BEAM ecosystem.

coders51

We build reliable cloud platforms for business-critical systems.

Manning Publications

Develop your skills with books, videos, and courses.

AppSignal

Catch errors, track performance, monitor hosts and more.

WyeWorks

Enabling companies to succeed by building software people love.

Pragmatic Studio

Courses that move you from confusion to "Aha, now I get it!"

View all our sponsors ❯

Categories:

Sub Categories:

Popular Portals

Devtalk Sponsors

Pragmatic Bookshelf

Practical resources that improve the lives of professional developers.

Erlang Solutions

We build trusted fault-tolerant systems that scale to billions of users.

Honeybadger

Real-time error tracking, performance insights, and observability for devs.

EEF

Supporting innovation across the BEAM ecosystem.

coders51

We build reliable cloud platforms for business-critical systems.

Manning Publications

Develop your skills with books, videos, and courses.

AppSignal

Catch errors, track performance, monitor hosts and more.

WyeWorks

Enabling companies to succeed by building software people love.

Pragmatic Studio

Courses that move you from confusion to "Aha, now I get it!"

View all our sponsors ❯

We're in Beta

About us Mission Statement See our Roadmap