
Do not echo untrusted input

J.D. Meier, Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen.

Do not echo input back to the user without first validating and/or encoding the data. Echoing input directly back to the user may make client applications that rely on your service susceptible to malicious input attacks, such as cross-site scripting.
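An added example, not part of the original guidance, showing a service operation that echoes input verbatim beside one that validates and then encodes it. It assumes the client renders the response as HTML; the function names, the allowlist policy and the sample inputs are constructed for illustration.

```python
import html
import re

# Assumed policy (constructed for this example): display names are 1-64
# characters drawn from letters, digits, space, period, apostrophe, hyphen.
NAME_ALLOWLIST = re.compile(r"[A-Za-z0-9 .'-]{1,64}")


class InvalidInput(ValueError):
    """Rejection whose message never repeats the rejected value."""


def greet_unsafe(name):
    # Echoes caller input verbatim; any markup in `name` reaches the client.
    return "Hello, " + name


def greet_safe(name):
    # Validate first: reject anything outside the allowlist.
    if not NAME_ALLOWLIST.fullmatch(name):
        raise InvalidInput("name is not in the expected format")
    # Then encode for the output context. The allowlist permits an
    # apostrophe, which could still close a quoted HTML attribute.
    return "Hello, " + html.escape(name, quote=True)


def not_found_message(item_id):
    # Error paths echo input too. Free-form identifiers cannot always be
    # allowlisted, so bound the length and encode before responding.
    return "No item with id '" + html.escape(item_id[:32], quote=True) + "'"
```

The validation failure is reported without repeating the rejected value, so the rejection path does not become a second echo.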

Last edited Apr 17, 2008 at 12:52 AM by prashantbansode, version 1

