Do Not Echo Untrusted Input

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Do not echo input back to the user without first validating and/or encoding the data. Echoing input directly back to the user may make client applications that rely on your service susceptible to malicious input attacks, such as cross-site scripting.
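The guideline applied to a small lookup operation, as an added example that is not part of the original guidance: the first function reflects caller input verbatim, the second validates against an allow-list before anything is echoed, and the third encodes free text that cannot be tightly validated. The order data, the id format, the function names and the assumption that clients render responses as HTML are all made up for illustration.

```python
import html
import re

# Constructed sample data; the id format is an assumption for this example.
ORDERS = {"A1001": "shipped"}
ORDER_ID_RE = re.compile(r"[A-Z][0-9]{4}")  # allow-list: one letter, four digits


def order_status_unsafe(order_id: str) -> str:
    """Echoes the caller's input verbatim into the response message."""
    status = ORDERS.get(order_id)
    if status is None:
        return f"Order {order_id} was not found."
    return f"Order {order_id}: {status}"


def order_status(order_id: str) -> str:
    """Validates first; rejected input is never reflected in the reply."""
    if not isinstance(order_id, str) or not ORDER_ID_RE.fullmatch(order_id):
        return "Invalid order id."
    status = ORDERS.get(order_id)
    if status is None:
        # Safe to echo: the value has already matched the allow-list.
        return f"Order {order_id} was not found."
    return f"Order {order_id}: {status}"


def greeting(display_name: str, max_len: int = 64) -> str:
    """Free text cannot be allow-listed tightly, so bound it and encode it."""
    if not isinstance(display_name, str) or not 0 < len(display_name) <= max_len:
        return "Hello."
    # Encode for the output context assumed here (HTML).
    return f"Hello, {html.escape(display_name, quote=True)}."
```

The encoding step has to match where the client places the value; `html.escape` covers HTML element and attribute content only.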

Last edited Jun 12, 2008 at 10:20 PM by prashantbansode, version 1
