PragProg Customers

Release It! Second Edition: about Cross-Site Scripting (page 221)

rachelcarmena

rachelcarmena

Release It! Second Edition: about Cross-Site Scripting (page 221)

About “Cross-Site Scripting”:

Cross-site scripting (XSS) happens when a service renders a user’s input directly into HTML without applying input escaping.

I’d prefer “without applying input encoding”.

“escaping” and “encoding” could be used for the same purpose. Even OWASP talks about “encode/escape” in some pages. However, I’d prefer “encoding” because of this reason:

“Writing these encoders is not tremendously difficult, but there are quite a few hidden pitfalls. For example, you might be tempted to use some of the escaping shortcuts like " in JavaScript. However, these values are dangerous and may be misinterpreted by the nested parsers in the browser. You might also forget to escape the escape character, which attackers can use to neutralize your attempts to be safe. OWASP recommends using a security-focused encoding library to make sure these rules are properly implemented.”

Source: Cross Site Scripting Prevention - OWASP Cheat Sheet Series

View thread on forum
/book-release-it-second-edition#suggestion
0 585 0

Where Next?

View thread on forum
View Release It Second Edition's book portal
Post errata for this book
Post a suggestion for this book
Post a question about this book
Post a review about this book
Home PragProg Customers
/book-release-it-second-edition#suggestion
0 585 0
Last post

Popular Pragmatic Bookshelf topics Top

abtin
PragProg Customers

Distributed Services With Go - gogoproto on linux
page 20: … protoc command… I had to additionally run the following go get commands in order to be able to compile protobuf code using go...
#errata/book-distributed-services-with-go
14 2953 7
New
yulkin
PragProg Customers

Programming Flutter: Image.toByteData() does not exist (page40)
your book suggests to use Image.toByteData() to convert image to bytes, however I get the following error: "the getter ‘toByteData’ isn’t...
/book-programming-flutter#question
1 4102 2
New
lirux
PragProg Customers

The Ray Tracer Challenge: "Computing the normal on a transformed sphere" ebook test
Hi Jamis, I think there’s an issue with a test on chapter 6. I own the ebook, version P1.0 Feb. 2019. This test doesn’t pass for me: ...
#errata/book-the-ray-tracer-challenge
10 1461 5
New
mikecargal
PragProg Customers

Hands-on Rust: question about get_component
Title: Hands-on Rust: question about get_component (page 295) (feel free to respond. “You dug you’re own hole… good luck”) I have somet...
#question/book-hands-on-rust
1 1167 5
New
frasette
PragProg Customers

A Common-Sense Guide to Data Structures and Algorithms, Second Edition: erroneous extra space complexity (page400)
A Common-Sense Guide to Data Structures and Algorithms, Second Edition by Jay Wengrow @jaywengrow Hi, I have the paperback version of t...
#errata/book-a-common-sense-guide-to-data-structures-and-algorithms-second-edition
4 1180 2
New
jskubick
PragProg Customers

Kotlin and Android Development featuring Jetpack: Error in generated Game.java (page 136)
I’m under the impression that when the reader gets to page 136 (“View Data with the Database Inspector”), the code SHOULD be able to buil...
#question/book-kotlin-and-android-development-featuring-jetpack
2 1172 8
New
nicoatridge
PragProg Customers

Kotlin and Android Development: Could not get unknown property ‘kotlin_version’…
Hi, I have just acquired Michael Fazio’s “Kotlin and Android Development” to learn about game programming for Android. I have a game in p...
/book-kotlin-and-android-development-featuring-jetpack
0 8095 6
New
adamwoolhether
PragProg Customers

Powerful Command-Line Applications in Go: Exercise Solutions (many pages)
Is there any place where we can discuss the solutions to some of the exercises? I can figure most of them out, but am having trouble with...
#question/book-powerful-command-line-applications-in-go
17 1396 9
New
taguniversalmachine
PragProg Customers

Real-Time Phoenix: ProductChannelTest - undefined function describe/2 (pg 203)
Hi, I am getting an error I cannot figure out on my test. I have what I think is the exact code from the book, other than I changed “us...
#question/book-real-time-phoenix
0 1775 6
New
redconfetti
PragProg Customers

Docker for Rails Developers - 'docker-machine' command deprecated (page 156)
Docker-Machine became part of the Docker Toolbox, which was deprecated in 2020, long after Docker Desktop supported Docker Engine nativel...
/book-docker-for-rails-developers#suggestion
0 896 0
New

Other popular topics Top

PragmaticBookshelf
Backend>Learning Resources

Web Development with Clojure, Third Edition
Stop developing web apps with yesterday’s tools. Today, developers are increasingly adopting Clojure as a web-development platform. See f...
pragprog.com
#pragprog#web-development/clojure#published-book/book-web-development-with-clojure-third-edition
5 4584 1
New
brentjanderson
General Dev>Hardware

Moonlander Keyboard (Mechanical) (Ergonomic) (Split) (Ortholinear)
Bought the Moonlander mechanical keyboard. Cherry Brown MX switches. Arms and wrists have been hurting enough that it’s time I did someth...
#hardware/keyboards#moonlander#mechanical-keyboards#ortholinear#ergonomic
212 17779 90
New
AstonJ
General Dev>Hardware

Poll: Which keyboard layout do you use?
poll poll Be sure to check out @Dusty’s article posted here: An Introduction to Alternative Keyboard Layouts It’s one of the best write-...
colemakmods.github.io
#polls/keyboards
10 6048 11
New
AstonJ
General Dev>Hardware

Custom keyboard keycaps
There’s a whole world of custom keycaps out there that I didn’t know existed! Check out all of our Keycaps threads here: https://forum....
#hardware/keyboards#keycaps#mechanical-keyboards
15 11086 19
New
PragmaticBookshelf
Backend>Learning Resources

Programming Phoenix LiveView
Build highly interactive applications without ever leaving Elixir, the way the experts do. Let LiveView take care of performance, scalabi...
pragprog.com
#pragprog/elixir/phoenix#published-book/book-programming-phoenix-liveview
79 10267 23
New
AstonJ
General Dev>Dev Chat

Languages Without Garbage Collection
Continuing the discussion from Thinking about learning Crystal, let’s discuss - I was wondering which languages don’t GC - maybe we can c...
#garbage-collection
21 5575 7
New
foxtrottwist
General Dev>Dev Chat

Warp—The blazingly fast, Rust-based terminal
A few weeks ago I started using Warp a terminal written in rust. Though in it’s current state of development there are a few caveats (tab...
/rust#terminal
52 6785 22
New
PragmaticBookshelf
Community>In The Spotlight

Spotlight: Rebecca Skinner (Author) Interview and AMA!
Author Spotlight Rebecca Skinner @RebeccaSkinner Welcome to our latest author spotlight, where we sit down with Rebecca Skinner, auth...
#author-spotlight/haskell/book-effective-haskell
106 11719 28
New
hilfordjames
Windows>Chat

Taskbar Overflow Menu (NOT System Tray Overflow)
There appears to have been an update that has changed the terminology for what has previously been known as the Taskbar Overflow - this h...
#taskbar-overflow-win-11
3 3715 2
New
PragmaticBookshelf
Backend>Learning Resources

Engineering Elixir Applications
Develop, deploy, and debug BEAM applications using BEAMOps: a new paradigm that focuses on scalability, fault tolerance, and owning each ...
pragprog.com
#pragprog/elixir#published-book/book-engineering-elixir-applications
40 7136 21
New
Back to top

Latest in Release It! Second Edition

Release It! Second Edition Portal

PragProg Customers

Pragmatic Bookshelf PragProg Customers

Latest on Devtalk

Devtalk

We ❤️ helpful members!

We reward our most helpful members via our MOTM scheme - by giving away a whopping 25 books per year!

Member of the Month

Devtalk Sponsors

Pragmatic Bookshelf

Practical resources that improve the lives of professional developers.

Erlang Solutions

We build trusted fault-tolerant systems that scale to billions of users.

Honeybadger

Real-time error tracking, performance insights, and observability for devs.

EEF

Supporting innovation across the BEAM ecosystem.

coders51

We build reliable cloud platforms for business-critical systems.

Manning Publications

Develop your skills with books, videos, and courses.

AppSignal

Catch errors, track performance, monitor hosts and more.

WyeWorks

Enabling companies to succeed by building software people love.

Pragmatic Studio

Courses that move you from confusion to "Aha, now I get it!"

View all our sponsors ❯

Categories:

Sub Categories:

Popular Portals

Devtalk Sponsors

Pragmatic Bookshelf

Practical resources that improve the lives of professional developers.

Erlang Solutions

We build trusted fault-tolerant systems that scale to billions of users.

Honeybadger

Real-time error tracking, performance insights, and observability for devs.

EEF

Supporting innovation across the BEAM ecosystem.

coders51

We build reliable cloud platforms for business-critical systems.

Manning Publications

Develop your skills with books, videos, and courses.

AppSignal

Catch errors, track performance, monitor hosts and more.

WyeWorks

Enabling companies to succeed by building software people love.

Pragmatic Studio

Courses that move you from confusion to "Aha, now I get it!"

View all our sponsors ❯

We're in Beta

About us Mission Statement See our Roadmap