Reducing XSS by way of Automatic Context-Aware Escaping in Template Systems

Simon Willison's blog. Posted on April 14, 2009

Reducing XSS by way of Automatic Context-Aware Escaping in Template Systems (via). The Google Online Security Blog reminds us that simply HTML-escaping everything isn’t enough—the type of escaping needed depends on the current markup context, for example variables inside JavaScript blocks should be escaped differently. Google’s open source Ctemplate library uses an HTML parser to keep track ...

ctemplate django escaping google html opensource security xss
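
The point made in the post above, as an added example that is not part of the original post or of Ctemplate: a toy Python renderer that picks the escaper from the markup context of each placeholder. The template, the variable names and the `<script>`-tracking heuristic are assumptions for illustration; a real auto-escaper tracks context with an HTML parser.

```python
import html
import json
import re

# Constructed template: the same variable lands in HTML text, a quoted
# attribute and a JavaScript block.
TEMPLATE = (
    '<p>Hello {{ name }}</p>\n'
    '<a title="{{ name }}">profile</a>\n'
    '<script>var user = {{ name }};</script>\n'
)
PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def escape_html(value):
    """HTML text / quoted attribute context: neutralise & < > " '."""
    return html.escape(value, quote=True)


def escape_js(value):
    """JavaScript context: emit a quoted string literal that can neither
    end the string nor close the surrounding <script> element."""
    literal = json.dumps(value)  # handles quotes, backslashes, newlines
    for ch in "<>&'":
        literal = literal.replace(ch, "\\u%04x" % ord(ch))
    return literal


def context_at(prefix):
    """Hypothetical heuristic: 'js' if an unclosed <script> precedes us."""
    lower = prefix.lower()
    return "js" if lower.rfind("<script") > lower.rfind("</script") else "html"


def render(template, variables, context_aware=True):
    out, pos = [], 0
    for m in PLACEHOLDER.finditer(template):
        out.append(template[pos:m.start()])
        value = variables[m.group(1)]
        ctx = context_at(template[:m.start()]) if context_aware else "html"
        out.append(escape_js(value) if ctx == "js" else escape_html(value))
        pos = m.end()
    out.append(template[pos:])
    return "".join(out)


if __name__ == "__main__":
    data = {"name": "Ann; doSomething()"}  # constructed input
    print(render(TEMPLATE, data, context_aware=False))  # HTML-escape only
    print(render(TEMPLATE, data))                        # per-context
```

With `context_aware=False` the value passes through HTML escaping unchanged and is emitted into the script block as code; with per-context escaping it is emitted as a quoted string literal.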