2 Matching Annotations
  1. Aug 2022
    1. If you're using JavaScript for writing to an HTML Attribute, look at the .setAttribute and [attribute] methods which will automatically HTML Attribute Encode. Those are Safe Sinks as long as the attribute name is hardcoded and innocuous, like id or class.
    2. If you're using JavaScript for writing to HTML, look at the .textContent attribute as it is a Safe Sink and will automatically HTML Entity Encode.
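
The two annotations above, as an added example (not from the annotated source): a wrapper that enforces the "hardcoded and innocuous attribute name" condition before calling .setAttribute, plus a .textContent writer. The allowlist beyond id and class, the helper names and FakeElement (a constructed stand-in for a DOM element so the code runs outside a browser) are assumptions of this example.

```javascript
// Attribute names treated as innocuous. Assumption of this example:
// the annotated text names only id and class.
const SAFE_ATTRIBUTES = new Set(["id", "class", "title", "alt"]);

// Reject any attribute name that is not allowlisted, so event handlers (onclick),
// URL attributes (href, src) and style are never reachable with untrusted data.
function setSafeAttribute(element, name, value) {
  const attr = String(name).toLowerCase();
  if (!SAFE_ATTRIBUTES.has(attr)) {
    throw new Error(`attribute "${attr}" is not allowlisted`);
  }
  element.setAttribute(attr, String(value));
}

// Write untrusted data as text, never as markup.
function setSafeText(element, value) {
  element.textContent = String(value);
}

// Constructed stand-in for a DOM element. It mimics how a browser serializes
// attribute values and text nodes, which is where the encoding becomes visible.
class FakeElement {
  constructor(tag) { this.tag = tag; this.attrs = new Map(); this.textContent = ""; }
  setAttribute(name, value) { this.attrs.set(name, value); }
  get outerHTML() {
    const escAttr = (s) => s.replace(/&/g, "&amp;").replace(/"/g, "&quot;");
    const escText = (s) =>
      s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
    const attrs = [...this.attrs].map(([k, v]) => ` ${k}="${escAttr(v)}"`).join("");
    return `<${this.tag}${attrs}>${escText(this.textContent)}</${this.tag}>`;
  }
}

// Constructed sample inputs standing in for untrusted data.
const UNTRUSTED_ATTR = 'x" onmouseover="alert(1)';
const UNTRUSTED_TEXT = "<b>bold</b> & more";

function demo() {
  const el = new FakeElement("div");
  setSafeAttribute(el, "class", UNTRUSTED_ATTR); // stays inside the class value
  setSafeText(el, UNTRUSTED_TEXT);               // rendered as literal characters
  let rejected = false;
  try { setSafeAttribute(el, "onclick", "doSomething()"); } catch (e) { rejected = true; }
  return { html: el.outerHTML, rejected };
}
```

In a browser, the same two helpers work unchanged on a real element; only FakeElement is specific to running the example offline.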