Hacker News

That's a much better general principle, but oftentimes you have to use third-party software which you're not sure is safe. A checklist gives you a bunch of tests that you can quickly run to see if the developers were paying attention to XSS issues or not. You can decide whether or not to use the library based on the results.

Spez said recently that over half of Reddit's XSS issues were caused by Markdown. It's not unusual for websites to require third-party forums or comment engines or skinning systems, too.
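The "checklist of quick tests" idea from the comment above, worked through as an added example (it is not code from the thread or from any of the projects mentioned). A few constructed XSS probes of the kind that bite Markdown renderers (raw HTML, javascript:/data: link destinations, scheme obfuscation with tabs and case, markup in link text, quotes breaking out of href) are pushed through two hypothetical toy renderers: a naive one that makes the classic mistakes, and a hardened one that escapes everything and allow-lists URL schemes. The rendered output is then parsed, not grepped, for script-capable constructs, so the harness can be pointed at any `render(str) -> str` you want to evaluate. The probe list, renderer names and the scheme allow-list are all assumptions made for this example.

```python
import html
import re
from html.parser import HTMLParser
from typing import Callable, Dict, List

# Constructed probe payloads: a small XSS checklist for a Markdown-style renderer.
# Each one targets a different place a renderer can go wrong.
PROBES = [
    ("raw script element", "<script>alert(1)</script>"),
    ("raw element with event handler", "<img src=x onerror=alert(1)>"),
    ("javascript: link destination", "[click](javascript:alert%281%29)"),
    ("javascript: with mixed case", "[click](JaVaScRiPt:alert%281%29)"),
    ("javascript: with a tab in the scheme", "[click](java\tscript:alert%281%29)"),
    ("data: link destination", "[click](data:text/html,%3Cscript%3Ealert%281%29%3C/script%3E)"),
    ("markup inside link text", "[<b onmouseover=alert(1)>x</b>](http://example.com/)"),
    ("quote breaking out of href", '[x](http://example.com/" onclick="alert%281%29)'),
]

LINK_RE = re.compile(r"\[([^\]]*)\]\(([^)]*)\)")   # [text](url), deliberately minimal
SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.-]*):", re.I)
SAFE_SCHEMES = {"http", "https", "mailto"}        # assumed allow-list for this example


def url_scheme(url: str):
    """Return the lowercased scheme of url, or None for a relative URL.

    Browsers drop ASCII whitespace and control characters while parsing a URL,
    so "java\\tscript:" is still javascript: to them; normalise the same way
    before looking at the scheme.
    """
    cleaned = re.sub(r"[\x00-\x20]", "", url)
    m = SCHEME_RE.match(cleaned)
    return m.group(1).lower() if m else None


def is_safe_url(url: str) -> bool:
    scheme = url_scheme(url)
    return scheme is None or scheme in SAFE_SCHEMES


def naive_render(md: str) -> str:
    """Toy renderer with two classic Markdown mistakes: raw HTML passes through
    untouched and the link destination lands in href without any check."""
    return LINK_RE.sub(lambda m: f'<a href="{m.group(2)}">{m.group(1)}</a>', md)


def hardened_render(md: str) -> str:
    """Same toy grammar, but every piece of user text is HTML-escaped and a
    link is only emitted when its destination has an allowed scheme."""
    out, pos = [], 0
    for m in LINK_RE.finditer(md):
        out.append(html.escape(md[pos:m.start()]))
        text, url = m.group(1), m.group(2)
        if is_safe_url(url):
            out.append(f'<a href="{html.escape(url)}">{html.escape(text)}</a>')
        else:
            out.append(html.escape(text))   # keep the text, drop the link
        pos = m.end()
    out.append(html.escape(md[pos:]))
    return "".join(out)


class DangerScanner(HTMLParser):
    """Walk the rendered HTML and record script-capable constructs. Parsing the
    output rather than grepping it means an escaped &quot; inside an attribute
    value is not mistaken for the start of a new attribute."""
    URL_ATTRS = {"href", "src", "action", "formaction"}
    ACTIVE_TAGS = {"script", "iframe", "object", "embed"}

    def __init__(self) -> None:
        super().__init__()
        self.findings: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag in self.ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler attribute {name}")
            elif name in self.URL_ATTRS and not is_safe_url(value or ""):
                self.findings.append(f"{name} with {url_scheme(value or '')}: scheme")


def scan(rendered: str) -> List[str]:
    scanner = DangerScanner()
    scanner.feed(rendered)
    scanner.close()
    return scanner.findings


def run_checklist(render: Callable[[str], str]) -> Dict[str, List[str]]:
    """Render every probe; return {probe name: findings} for the ones that leak."""
    leaks = {}
    for name, payload in PROBES:
        findings = scan(render(payload))
        if findings:
            leaks[name] = findings
    return leaks


if __name__ == "__main__":
    for label, render in (("naive", naive_render), ("hardened", hardened_render)):
        leaks = run_checklist(render)
        print(f"{label}: {len(leaks)} of {len(PROBES)} probes leaked")
        for name, findings in leaks.items():
            print(f"  {name}: {', '.join(findings)}")
```

Running it shows the naive renderer leaking on all eight probes and the hardened one on none. Two caveats a practitioner should keep in mind: a clean run is evidence the developers thought about XSS, not proof the library is safe, since the probe list is tiny and Python's HTML parser is not a browser; and the scheme check deliberately strips control characters before matching, because a check that only lowercases the raw string still lets `java<TAB>script:` through.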




Good point. Relying on other people's code is horrible. Has to be done sometimes though ;)


That's what's great about open source: I can monkey with the security to do custom checks.





