Do not echo untrusted input

J.D. Meier, Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen.

Do not echo input back to the user without first validating and/or encoding the data. Echoing input directly back to the user may make client applications that rely on your service susceptible to malicious input attacks, such as cross-site scripting.
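The following sketch is an added example, not code from the original guidance: it shows a service operation that echoes input verbatim next to versions that validate against an allow-list and HTML-encode before returning the value. The function names, the `ValidationFault` type, the name pattern and the length limit are all hypothetical, and HTML encoding assumes the client renders the response as HTML; other output contexts need their own encoding.

```python
import html
import re

# Assumed allow-list for a hypothetical "name" field: letters, space, . ' -
NAME_RE = re.compile(r"[A-Za-z][A-Za-z .'\-]{0,63}")


class ValidationFault(Exception):
    """Fault returned to the caller; its message never contains raw input."""


def greet_unsafe(name: str) -> str:
    # Before: input is echoed verbatim, so any markup in `name` reaches
    # every client that renders the response as HTML.
    return "Hello, " + name


def greet_validated(name: str) -> str:
    # Validate: reject anything outside the allow-list, and do not repeat
    # the rejected value in the fault text (that would be another echo).
    if not isinstance(name, str) or NAME_RE.fullmatch(name) is None:
        raise ValidationFault("name contains unsupported characters")
    # Encode: still required, because the allowed "'" is significant
    # inside HTML attribute values.
    return "Hello, " + html.escape(name, quote=True)


def echo_comment(comment: str, max_len: int = 200) -> str:
    # Free text cannot be allow-listed tightly, so bound its length and
    # encode it before it goes back to the caller.
    if not isinstance(comment, str) or len(comment) > max_len:
        raise ValidationFault("comment is missing or too long")
    return "You wrote: " + html.escape(comment, quote=True)


# Constructed sample input, used only to show the difference in output.
SAMPLE = "<script>alert(1)</script>"

if __name__ == "__main__":
    print(greet_unsafe(SAMPLE))        # markup returned unchanged
    print(echo_comment(SAMPLE))        # markup returned as inert text
    print(greet_validated("O'Brien"))  # allowed value, still encoded
    try:
        greet_validated(SAMPLE)
    except ValidationFault as fault:
        print("fault:", fault)         # generic message, no echoed input
```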

Last edited Apr 16, 2008 at 11:52 PM by prashantbansode, version 1

